Cyber Crime: coming to a computer near you – SOON!
Andrew Taylor of Bronzeye IBRM says affordable online security solutions are available
It never fails to astonish me how complacent people can be about their risk of falling victim to cyber-crime. Senior managers frequently tell me that cyber-security is not a priority. “They won’t be interested in little old us!” is often the line. One even opined that if he lost money, that was the bank’s risk. Er, only maybe! And even so, do you really want all that hassle that comes with sorting out the mess? This relaxed attitude is severely misplaced. SMEs need to do a little coffee smelling. The risk is high, and escalating by the day. Those who do not prepare, put themselves in the way of becoming nothing more than a crime statistic – 80% of companies which fall victim to a cyberbreach and have not prepared will go out of business in the following 12 months. Breaches tend to be hidden behind a wall of secrecy. Those we hear of, usually involve ‘negligence’ – where someone has been conned into doing something they really should not have. Thousands of successful attacks have been hidden because banks don’t want it generally known that they struggle to keep up with the threat, thousands more because companies that have been digitally burgled don’t want a reputational hit too.
Change is coming. UK law will soon require compulsory notification of breaches. Even fines for non-compliance will be punitive. The law is putting in place contingency to go after those who are negligent – and it’s going to be painful. Criminals are actively targeting SME’s now. A friend working for one of the large banks recently told me that they have identified a gang which has stolen an estimated £250million from UK SMEs. They hadn’t realised the scale of the problem because this is not information that banks routinely exchange. When they did discuss it, the numbers came as a nasty shock. Two recent cyber-crimes that made the papers are worthy of note. In one, a CFO believed he was talking with a senior manager at his bank and was convinced into handing over the on-line banking keys – £950,000 was stolen.
In the second, staff were persuaded to transfer money into ‘holding accounts’ whilst a problem with “a virus in their account” was sorted out – £1million was stolen. In both cases, the criminals had obviously breached the target’s systems and built a good understanding about processes and procedures. With this information, skilful conmen were then able to finish the job – and the banks didn’t have to pay. Cyber-criminals are interested in SMEs because their defences are almost certain to be less sophisticated. SMEs offer hackers training and experience, high cash balances in fewer pots and, frequently, a backdoor into larger enterprises – 70% of breaches at larger companies begin in their supply chain. This is all soon going to change. The UK government has begun to pressure all companies to raise their game. Compliance requirements are becoming more stringent. But compliance brings high costs and can act as a barrier to entry leaving SMEs feeling that they are constantly running up the down escalator.
Whether the smallest ‘S’ or the biggest ‘E’, affordable solutions are available to SMEs. The cornerstone will always be a structured, well thought-out governance regime that enables a risk-based, cost justified analysis of the threat. This allows for appropriate defences to be deployed, creating a strong deterrent and robust response capability. This approach is well within the reach of every SME. If your alternative, for whatever reason, is to adopt the ostrich stance, it is unlikely that you will spot the problem until too late, then you may well have no company to protect.
CEO of Bronzeye IBRM
BronzeyeIBRM offers an affordable monthly subscription-based information and cyber security service to SMEs and others.