The UK Government’s Cyber Breaches Survey for 2023 has revealed that smaller businesses are not prioritising cyber security measures. This is concerning, given that cyber attacks are becoming increasingly sophisticated and harder to detect, according to John Davis, Director UK & Ireland at SANS Institute EMEA, the largest provider of cyber security education in the world. The survey found that 83% of small businesses believe cyber security is a high priority this year, which is a 4% drop from 2022. Moreover, 66% of small businesses do not have any board members or trustees who take strong responsibility for handling cyber security.
Smaller businesses have faced significant economic concerns in recent years, such as higher energy costs, higher inflation, and wider economic uncertainty, which may be why cyber security is not a top priority for them. Changes in the business environment and the greater prominence of hybrid working models have also made it harder for smaller businesses to identify cyber security breaches. Hackers are taking advantage of this, says Davis, as they become more prevalent, sophisticated, and harder to detect.
Davis urges businesses to remember that prevention is always better than cure, and even the smallest security steps can make a difference. He suggests that legacy IT often plays fast and loose with valuable data, and turning to the cloud could be a great alternative, as it has many valuable security aspects. Additionally, Davis stresses the need for employees to be educated about cyber threats, as “power comes through knowledge.”
Despite Davis’ advice, many organizations still do not provide adequate training for dealing with cyber dangers. A survey from Specops Software found that 41% of organizations do not provide the necessary training. Furthermore, Hornetsecurity’s research revealed that 33% of companies are not providing cyber security awareness training to remote staff. This is particularly relevant as more employees work from home full-time or have a hybrid working system that means they are not in direct contact with expert IT staff.
The specific cyber threats that businesses face are constantly evolving. Zero-day attacks have become much more prevalent, with 40% of zero-day attacks in the past decade occurring in 2021 alone. A zero-day attack occurs when a hacker exploits a flaw in a potentially pivotal component of software before the flaw can be fixed or even recognized. The damage these attacks cause can hurt a business’s revenue and reputation.
Another growing source of cyber risk is Internet of Things (IoT) devices. These gadgets, sensors, appliances, and actuators are more vulnerable to hackers than ever before, with 43 billion of them across the globe. Additionally, cybercriminals are using public USB ports to infect phones or tablets with spyware or other malware. The FBI has issued a warning to the public not to use public phone charging ports, as sensitive data can be accessed and copied by hackers.
Cyber security is crucial for all businesses, regardless of their size. With the growing sophistication of cyber attacks and the increase in remote working, it is essential that companies prioritize cyber security measures and provide adequate training to employees. The consequences of a cyber attack can be devastating, affecting a business’s revenue and reputation. By taking small but significant steps, such as using cloud computing and implementing cyber security training programs, businesses can safeguard their data and operations against cyber threats.