Date: 2024-11-08

Recent research has revealed that 48% of UK small businesses don’t provide cybersecurity awareness training to employees.

Analysing hundreds of small to mid-sized organisations, the Birmingham IT solutions business Probrand conducted in-depth cybersecurity risk assessments to reveal the current threats, risks and areas of critical improvement in businesses.

In addition to this, recent YouGov data also painted a bleak picture for businesses when it came to computer security.

Shockingly, in the last 12 months 2.39 million businesses have experienced some form of cyber crime, and it is estimated that 11% of businesses and 8% of charities have been the victim of at least one cyber crime in the last 12 months.

It is no surprise that the Probrand research also revealed nearly half (47%) of those in the assessment did not have up-to-date anti-virus software to detect, quarantine and remove malicious software, while nearly a fifth (15%) currently don’t have any firewall to protect them from cybersecurity breaches or attacks from external networks like the internet.

Talking about the findings of its Cyber Risk Report in more detail, Matt Royle, Marketing Director at Probrand, said: “It’s clear to see cyber threats are increasing in volume and complexity, particularly with the dawning of AI, which is powering a new wave of attacks on businesses and public sector organisations alike.

“Remembering that all the threat actors are interested in is making money, it is no surprise that we see small businesses and charities are seen to be easier targets. As human beings we are naturally error prone, and hackers are tuned into this weak link. That is why it’s so important for UK businesses to provide continuous cybersecurity awareness testing and training to all employees. This will help keep them consistently aware of the latest tactics being used, and help them identify and act upon cyber attacks to minimise the risk of financial impact on their organisation.

“Businesses need to up their game based on our research and the YouGov data. Other findings revealed 29% of businesses had no patch management in place - a process which is critical in maintaining ongoing security and productivity.

“Overall, it is clear there is a need for businesses to improve how they mitigate risks, defend and recover from cyber threats, which includes updating their cybersecurity stance from a technology and employee awareness perspective.”

As a result of this, Probrand has provided some insights into the five key layers of cybersecurity to help businesses prepare for the unexpected:

Identify

This is the first step: understanding your IT infrastructure, applications and the information they support. It’s during this stage that you’ll be able to identify the cybersecurity risks facing your organisation. You can do this either through an external assessment or with auditing tools, which will help you gain full knowledge of all systems. A pen test would be a good starting point: it simulates a cyber attack on a computer system or network to identify security weaknesses.

Protect

Once you’ve identified and gained full knowledge of your systems and weaknesses you are then able to put protective measures in place to defend against the risk and threats you have identified.

One of the ways you can do this is by having complex password policies in place. Another is having multi-factor authentication for all cloud-based applications and VPN connections. This is a security method that requires more than just a password to access an account or resource, for example a code being sent to a mobile number. Email security policies should also be put in place so employees are able to identify and reduce spam and malicious emails. Cybersecurity awareness training will also help employees identify sophisticated spam emails and know what to do if they receive one.

You can also check what you get as part of your MS365 licensing and look at additional MS365 features such as conditional access and Microsoft labels to add further protection to both your users and data.

Detect

Many online attackers are able to fly under the radar, which means proper network and system monitoring is crucial if you are to spot them. Make sure to have routines and processes in place to check for suspicious activity, or invest in a SIEM such as Microsoft Sentinel, which can help identify suspicious alerts and attacks.

Respond

A proper cybersecurity plan acknowledges that attacks may succeed despite your best efforts. That’s why it’s important to have a plan in place for disasters. Having an incident response plan for cybersecurity attacks will help you hit the ground running and minimise the impact of an attack.

81% of businesses that were surveyed didn’t have a valid DR plan to deal with a major cyber incident, highlighting the gaps that small businesses need to fill. Putting together a recovery playbook is an essential part of an efficient plan. The plan will help map out all systems and, more importantly, identify key systems that need to be brought online first. Most responses will require third-party assistance, and those third parties will need direction on priorities as they won’t be close enough to the business to make the decisions themselves.

Recover

If you are hit with ransomware and your data has been encrypted, you are left with two options: recover from backup or pay the ransom. If your backup has been compromised as part of the attack or is inadequate, then you are out of options.

However, it’s important to check the terms and conditions of your cyber insurance as you may have to wipe and rebuild all systems as a condition of the policy paying out. Any backups will need to be checked and the data sanitised before it can be restored. Simply restoring whole backups may lead to back doors being restored and your network being encrypted again.

Despite this, businesses can learn from these types of attacks and ensure they have the correct security and policies in place should it happen again. Conduct a post-mortem, analysing your system logs to understand how the attackers exploited your weaknesses. Use these insights to enhance your security policies and make any necessary changes to your infrastructure.
