Business insights: understanding the cyber security landscape
As technology advances, it would seem that life becomes easier. Tasks that once required a member of staff, can now be completed with a computer, and introducing new technology allows for staff to focus on delivering projects or helping customers - the possibilities are endless.
But one thing that is often overlooked is how these new technologies impact a business’s cyber security. Cyber attacks are becoming more frequent, cyber criminals are evolving and the types of attacks are becoming more sophisticated. It has been reported that over the last 12 months the UK has experienced a 630% increase in cloud-based cyber attacks.
As part of our ‘business insights’ series, we caught up with managing director Gordon Christie on the most common cyber attacks. Lifting the lid on the more sinister side of the internet, Gordon discusses everything from vulnerabilities and cyber attacks to the dark web, focusing on how businesses can protect themselves from unwanted attention online.
What is a cyber attack?
“A cyber attack is an assault used on single or multiple computers or networks by cybercriminals. Cybercriminals can disable computers, steal data or use a breached computer as the launch point for other attacks.
“Cyber criminals can use a variety of methods to launch a cyber attack. The most common types of attacks on businesses are phishing, malware or viral infections, and web surfing threats. Cyber attacks can come through email, downloads, or when users are browsing online, all of which can cause serious issues to a business if not dealt with in a timely manner.”
What are the most common types of cyber attacks?
“Phishing attacks are probably the most common method of cyber attacks that we deal with at IT Hotdesk. Phishing is a type of social engineering attack which has been designed to steal data from the victim. This data could be login details, financial, or company data. This style of attack is designed by an attacker to replicate a trusted brand, to trick the victim into opening an email, instant message, or text message. Phishing sites have been detected upto 30%, the attacker infiltrates by freezing the system as part of a ransomware attack or the revealing of sensitive information.
“Surprisingly, it’s quite easy for attackers to impersonate a brand or person on the internet. Even an unsophisticated attacker can register for a similar brand domain, host a website designed to trick customers and employees.
“An advanced persistent threat (APT) is a term used to describe a cyber attack in which the attacker uses a long presence on a network in order to continually steal highly sensitive data. These attacks are usually researched and studied to pinpoint large enterprise or government networks. APT attacks can lead to stolen information such as intellectual property, sensitive information, organisational infrastructures, and total site takeovers.
“Other common types of cyber attacks are malware or viral infections, which is when software is specifically designed to harm or exploit any programmable device, service or network. Once on your machine, the virus spreads by attaching itself to legitimate files or programs and is usually contracted through websites, flash drives or emails.
“Web surfing threats are the third most common type of attack. This is when a user is surfing websites that contain malicious code such as illegal streaming of movies, TV shows and music sites. This is more likely to happen on illegal or adult sites, or when surfing the dark web.”
What is the dark web? And why is this different?
“The dark web is for people who would rather hide from view when conducting activity on the internet. Web pages on the dark web cannot be accessed from popular search engines, and usually require a download to access. This is due to the nature of things that can be found there - such as drugs and illegal firearms.
“Although the dark web is not technically illegal, a lot of the business that is being conducted on it would be considered illegal. There are plenty of sites on it such as forums, blogs and social media platforms that focus on politics and sports which are not illegal, when it comes to your business, we would advise that the dark web is listed as a prohibited task on your company’s IT policy.”
How has this changed over the last 12 months?
“The types of attacks haven’t changed but the method and the messages within the emails have.
Previously, the most common types of attacks were people selling a fake product or service however the language is now very much around tax rebates or receiving your Covid vaccine.
“The developers of these attacks are becoming smarter and their approach more complex. This has led to them having access to a great deal of information which, I believe, is why more users are becoming victims. I think that this is definitely a trend that will continue to grow as artificial intelligence becomes more accessible.”
Do you have any idea why?
"I think working from home has played a major part in the increase of cyber attacks. Often in offices, staff would communicate and seek advice from colleagues on the authenticity of an email, but with the current situation, staff are sitting at home with minimal social interaction and are therefore more vulnerable to cyber attacks.
"Providing security awareness training will give staff the skills required to spot any unusual activity and the confidence to report it, which in turn provides business owners with peace of mind that their systems are safe."
What is the cost or impact of these attacks?
“To me, the biggest cost to any business is its reputation. No business owner wants their brand being linked to a data leak, especially if they’re handling sensitive information. Depending on the size and type of attack, the damage to a business’s reputation can be huge. I read a business wire study last month that claimed that 41% of UK consumers will never purchase from a company again after they’ve reported a data breach.
“As well as the long term impact on sales, there’s also the financial cost to your business which can be quite significant. The average cost of a cyber security breach is estimated to be £3,230 per record, which can quickly add up.
“Another cost that is often overlooked is the cost of downtime. If you experience a cyber attack, your business operations may be significantly impacted, with staff spending days offline.
“They say you have to spend money to make money, but in this case I’d say you have to spend money to save money. With 46% of businesses reporting cyber attacks at least once a week, the cost of implementing a robust cyber strategy could save your business money long term.”
How can people protect themselves from these attacks?
“At IT Hotdesk, we believe in the detect and protect method, and businesses are encouraged to incorporate security awareness training, antivirus software, and licensed trustworthy software for business operations as part of their cyber security strategy.
“I always say that a business's staff are the final line of defence. You can have the strongest strategy in the world, but if your staff aren’t cyber aware you can still face an attack.
“We recently added Security Awareness Training to our portfolio because we wanted to engage with staff and make them feel more informed, giving them the confidence to identify, avoid and report any fraudulent behaviour. This has been extremely popular with our customers, especially those with staff working remotely.
“Having the correct software in place is key to cyber security, if possible you want next-generation level threat detection capabilities so you can identify and eradicate any threats before they become problems. It is also important to make sure that your software is licensed and legitimate.”
In response to the increased threat, the team at IT Hotdesk are offering free 1-2-1 consultations to new and existing customers. Working in alignment with the cyber essentials scheme, which is supported by the UK Government, our team of experts can assess your business and provide guidance on how to improve our cyber strategy.
Demonstrate your company’s commitment to cyber security by adding a Cyber Essentials certification to your achievements.
Cyber Essentials is a simple yet effective, Government backed scheme that will help you to protect your organisation, regardless of its size, against a whole range of the most common cyber attacks.