Cyberattacks pose grave risks to businesses, threatening finances, data, and reputation.
The digital age has brought unprecedented opportunities for businesses, but it has also given rise to a significant threat: Cyberattacks.
In recent years, these attacks have surged in frequency and sophistication, leaving a trail of financial and reputational damage in their wake.
During the pandemic, hospitals were regular targets of ransomware attacks, jeopardising patients’ well-being.
But businesses are also increasingly targeted - and it's not just the big ones.
The proportion of firms with fewer than 10 employees experiencing a cyber attack has increased from 23% to 36% in the past three years, according to insurance company Hiscox’s annual report.
Payment diversion fraud, the most common form of cybercrime
“Payment diversion fraud appears to be the most dominant form of cybercrime, one in three businesses experienced it during their last 12 months,” Eddie Lamb, Cyber Education and Advisory, Hiscox, told Euronews Business.
During this kind of attack, cybercriminals attempt to divert or steal payments that are intended for legitimate recipients.
Additionally, ransomware attacks are still ongoing, with cyber criminals targeting the Greater Manchester police force just last month.
Data theft is also a regular occurrence: “Businesses’ confidential data and intellectual property are high on the radar,” Lamb said.
The average cost of an attack is €15,000 but one in eight attacked businesses suffered losses to the tune of €238,000 or more, according to Lamb. Furthermore, “one in five respondents said that the cyber attack they experienced was enough to threaten the viability of their business moving forward,” he said.
Financial losses and lost revenue are not the sole repercussions of a cyber attack.
“It's not just about the financial damage of a cybercrime,” said Lamb. “It's also looking at more intangible elements like brand damage or the breakdown in relations of trust with your consumers, which could have longer-term consequences for your business.”
This is especially the case in the case of data breaches, with sometimes data more sensitive than a list of emails being leaked.
For example, US cybersecurity firm FireEye was hacked in 2020 - possibly by a nation-state due to the sophistication of the attack - and lost a tool kit.
While cyberattacks of this scope are rare, businesses of all sizes should take prevention measures to make sure they are better protected against them.
How to prevent a cyberattack?
There’s no “silver bullet” that can entirely prevent an attack, according to Lamb, but he nonetheless suggested steps that businesses can take to reduce their vulnerability.
His first piece of advice is to install modern anti-virus technology on the devices with “endpoint detection and response (EDR)”.
EDR allows real-time monitoring of threats and can automatically take action to prevent or reduce harm.
Multifactor identification or using biometrics are other measures that can be taken, Lamb said.
The UK National Cyber Security Centre also highlighted the importance of properly backing up the data in its cyber security guide for small businesses.
Finally, one of the weakest links in any cybersecurity chain is human error. To mitigate this risk, it is essential to educate and train employees about best cybersecurity practices.
“Tactics used in cybercrime evolve constantly. So we need to keep on top of what the latest trends are,” Lamb said.
Several companies offer audits to individuals and businesses to give insights into their level of cybersecurity maturity.
And if something happens?
“Our research shows that 53% of respondents experienced one or more cyber attacks in the last 12 months, which shows that the odds really are in favour of cybercrime,” Lamb warned.
“Businesses should prepare for cyberattacks on the basis of when it happens and not if,” he added, insisting that “the most important characteristic … is not necessarily whether you've had a breach, but how you deal with it”.
For this purpose, it is important to have clear and comprehensive security policies in place, including an incident response plan.
In addition to having a dedicated team or a person in charge of cyber defence, the plan should outline the steps to take in the event of a cyberattack to ensure a swift and coordinated response and minimise downtime.