Eden Dwek
Innovative Startups
KPMG

In 2015, there were a number of high profile attacks on businesses and institutions that were well publicised in the press. Organisations as diverse as the FBI, Ashley Madison, TalkTalk, Vodafone and Hilton International suffered serious cyber breaches. In the past year, two thirds of large businesses in the UK have suffered a cyber breach or attack, according to new research from the Department of Culture, Media and Sport.1

This year, cybercriminals have gone after far easier targets, training their sights on small and medium-sized businesses. Typical of the new type of victim is vehicle hire company MNH Platinum. The Blackburn-based company was recently the target of a sophisticated hack, which encrypted more than 12,000 files on its company network. A ransom demand quickly followed from the hackers demanding £3,000 to decrypt the files.2

In the past year, two thirds of large businesses in the UK have suffered a cyber breach or attack, according to new research from the Department of Culture, Media and Sport.

 

Experts believe that cases like MNH Platinum are just the tip of the iceberg, with a vast number of incidents still going unreported. Unfortunately, many SMEs are woefully unprepared for cyber attacks. They mistakenly believe that hacks will never happen to them and often fail to invest enough resources in protecting themselves.

Once you understand who you are at risk from and what electronic information you need to be protecting, you can ensure the necessary processes are in place for your business to remain vigilant. The Government’s Cyber Essentials scheme on Cyber Streetwise gives some information on good basic cyber security practice. You can also follow these ten steps, published by NCSC, to help prevent 80% of cyber security attacks.

  1. Home and Mobile Networking – these should be securely set up with a defined policy.
  2. Network Security – networks should be protected and unauthorised access prevented and monitored by firewalls.
  3. Malware Protection – work out how to protect yourself from viruses.
  4. Security Configuration – apply security patches and ensure that your systems are secure.
  5. Monitoring – ensure you’re monitoring your systems and networks, and that someone keeps an eye out for strange activity.
  6. Removable Media Controls – have a policy about removable media such as USB drives and scan the media before they can be used.
  7. Managing User Privileges – establish processes to manage accounts, limit user privileges, and monitor user activity.
  8. Incident management – work out what you would do if your systems are attacked or if your systems fail.
  9. User Education and Awareness – key to cyber security is people knowing what they should do.
  10. Information Risk Management Regime – work out how the governance around cyber security works and what risks can be both taken and avoided.

1https://www.gov.uk/government/news/two-thirds-of-large-uk-businesses-hit-by-cyber-breach-or-attack-in-past-year

2https://www.theguardian.com/small-business-network/2016/feb/08/huge-rise-hack-attacks-cyber-criminals-target-small-businesses

Resources

Guide

The Startup Cyber Guide

Your guide to a secure company.

Read
Report

Venture Pulse Q4 2017

An analysis of global and UK venture funding.

Read
Article

Five characteristics every entrepreneur should have

The traits entrepreneurs can't do without.

Read