In recent years, there has been an exponential rise in the number of cyber criminals targeting small to medium-sized businesses (SMEs) – many of whom are extremely vulnerable to cyber crime due to inadequate security infrastructure and cyber awareness training.
In this Q&A, Jack Viljoen, Head of Marketing at data-driven insights specialist, Prodinity, discusses some of the issues facing SMEs and why advanced cyber penetration (PEN) testing is vital to stress-test and strengthen their security capabilities.
Why is Cyber Security so important?
Firstly, I’d like to start by mentioning that I really don’t like the term Cyber Security. It’s vague, futuristic and doesn’t really mean anything to someone who isn’t in the industry. I much prefer the term “Virtual Security”.
What exactly is “Virtual Security” and why is it something we need to worry about? If you are a small to medium-sized business owner or executive, there is a good chance that you do not think it applies to you.
Why are SMEs targets for cyber criminals?
Why would hackers be interested in breaking into your organisation, when there are multi-billion dollar companies or governments to hack? It’s certainly a valid question. We always hear about it when a huge organisation is broken into but rarely when it happens to small businesses.
The truth is it does happen – and far more often than you might think. In fact, there were over 400,000 reports of fraud and cyber crime in the UK last year alone (Source: NFIB Fraud and Cyber Crime Dashboard) and in 2021, UK businesses lost more than £736 million to hackers (Source: Cyber Crime Cost UK £2.5bn in 2021 (Holistic.iT)).
Hackers will often target smaller businesses because there is less sophistication in their security systems, and they are easier targets. In fact, some statistics say that SMEs are three times more likely to be the victims of cyber crime than large businesses.
What is PEN testing / ethical hacking, and why is it important?
Through a targeted attack simulation, a penetration (PEN) test can take your business safely through real-world attack scenarios, allowing you to find and fix vulnerabilities before attackers can exploit them. You then receive a complete accredited report, which can be submitted to cyber insurers.
With cyber crime on the rise, cyber insurance claims have also seen an unprecedented increase, but many companies are finding that their current insurance packages simply aren’t covering them. They have had claims refused on account of neglecting basic virtual security, and with so much uncertainty, obtaining comprehensive cyber insurance is becoming more and more difficult.
So, what can you do to make sure that you are protected? Start by viewing virtual security the same way as you view physical security. Cyber criminals will often look for openings in systems like burglars walking down a street, knocking on all the doors until they find one that has been left unlocked. You wouldn’t dream of leaving your doors and windows unlocked, so why do the equivalent virtually?
Red teaming – testing defences where the physical world meets the data world. Why does this matter?
Red teaming is like a PEN test in the sense that it is a simulated attack on your system. Where it differs, however, is that with a PEN test, the goal is to identify all the vulnerabilities and provide targeted solutions.
Red teaming really allows you to view a cyber attack from a hacker’s perspective. The team will do everything and anything to breach an organisation’s security, including but not limited to targeting hardware, systems, software and even employees. This is vital as 95% of cyber security breaches are still caused by human error, which means testing your employees’ responses to attack simulations is still the most effective way to prevent serious data breaches.
Red teaming can even include breaching the organisation’s physical security, and really puts security protocol to the test. This can often bring to light vulnerabilities you may never have thought of.
What does continuous improvement look like from a cyber defence perspective?
It isn’t all doom and gloom though. Statistics show that an annual “Virtual Security” review is the most effective solution to prevent data breaches. This could include a PEN test, as well as red teaming and a cyber security seminar to keep employees informed about new threats and up-to-date cyber security information.
Cyber criminals and virtual crime are constantly evolving. Instances of cyber crime have been steadily rising over the last decade and will continue to do so – and as our technology becomes more sophisticated, so do the hackers and cyber criminals.
It’s important to continually update your Virtual Security and ensure that you are always protected.
This article was published in Cyber Defense magazine and is shared with the kind permission of the publisher.