Things were usual at MNH Platinum, a company that deals with vehicle hire. Little were they aware that just a click of an email link was likely to put the business in jeopardy.
Early last year, a firm based in Blackburn got its 12, 0000 files located in the company’s network encrypted. Subsequently, the criminals demanded a ransom amounting to £3,000 in order to decrypt the files.
With all the attempts to remove the virus without losing important data proving impossible, the organization had no choice rather than paying. The company’s managing director Mark Hindle stated that they were completely unprepared for the cyber-attack owing to the neglect of the implication such an attack could have on the company.
This case is not an isolated one and professionals are cautioning that small businesses are more prone to the threat of cyber-attack since in most cases they are unprepared.
Andrew Dyhan, the Customer Success Manager of Semalt Digital Services, discusses the ways cyber criminals attack small business.
Historically, Small and Medium Enterprises (SMEs) are not the common target of cyber crime but in 2015, Toni Allen, argues that things drastically changed. According to a survey conducted by the government on security breaches, 75 percent of small business reported the possibility of an attack in 2012 and the trends increased in 2013 and 2014.
Statistics from Symantec, a firm that deals with cyber security indicate that over half of spear phishing attacks conducted through email in 2012 were against small businesses.
The new European regulation makes the issue of cyber security for SMEs more critical since they have an objective of safeguarding customer data. The recently developed regulation will come to play in 2018 and could result in the organization being fined 4 percent of their annual revenue or €20m whichever is greater for permitting security breaches to interfere with the client’s data.
Criminals perceive SMEs as softer targets are in most cases, they are channels to a huge prize.
Cyber Streetwise campaign, an initiative managed by Home Office highlights the following as the major cyber threats against SMEs:
Hack attack
The attack occurs when the criminals access an organization’s network by optimizing on an unpatched susceptibility within the application, making it easy for them to access the company data.
Ransomware
Happens when a piece of malicious application in most cases received through a phishing email locks the information on the organization’s network. Subsequently, the criminals request for a ransom in the range of £500–£1,000 to avail the decryption key.
Human error
In most cases, people are the most prone link in a given security chain, and a significant portion of information breaches are as consequence of data being lost or disseminated to the wrong individual. Even the ordinary attacks can have significant impacts in situations where critical PII is involved.
Denial of service attack
When an organization has a huge volume of information in its servers pushed through a malicious channel. These type of attacks can be easily executed with minimal investment.
CEO fraud
It occurs when an attacker impersonates a senior individual with the company either by spoofing or hacking their email account and compels a person with financial authority to execute a payment.