Page 166 - Cyber Defense eMagazine December 2022 Edition
Why are SMEs targets for cyber criminals?
Why would hackers be interested in breaking into your organisation, when there are multi-billion dollar
companies or governments to hack? It’s certainly a valid question. We always hear about it when a huge
organisation is broken into but rarely when it happens to small businesses.
The truth is it does happen - and far more often than you might think. In fact, there were over 400,000
reports of fraud and cyber crime in the UK last year alone (Source: NFIB Fraud and Cyber Crime
Dashboard) and in 2021, UK businesses lost more than £736 million to hackers (Source: Cyber Crime
Cost UK £2.5bn in 2021 (Holistic.iT)).
Hackers will often target smaller businesses because there is less sophistication in their security systems,
and they are easier targets. In fact, some statistics say that SMEs are three times more likely to be the
victims of cyber crime than large businesses.
What is PEN testing / ethical hacking, and why is it important?
Through a targeted attack simulation, a penetration (PEN) test can take your business safely through
real-world attack scenarios, allowing you to find and fix vulnerabilities before attackers can exploit them.
You then receive a complete accredited report, which can be submitted to cyber insurers.
With cyber crime on the rise, cyber insurance claims have also seen an unprecedented increase, but
many companies are finding that their current insurance packages simply aren’t covering them. They
have had claims refused on account of neglecting basic virtual security, and with so much uncertainty,
obtaining comprehensive cyber insurance is becoming more and more difficult.
So, what can you do to make sure that you are protected? Start by viewing virtual security the same way
as you view physical security. Cyber criminals will often look for openings in systems like burglars walking
down a street, knocking on all the doors until they find one that has been left unlocked. You wouldn't
dream of leaving your doors and windows unlocked, so why do the equivalent virtually?
Red teaming – testing defences where the physical world meets the data world. Why does this matter?
Red teaming is like a PEN test in the sense that it is a simulated attack on your system. Where it differs,
however, is that with a PEN test, the goal is to identify all the vulnerabilities and provide targeted solutions.
Red teaming really allows you to view a cyber attack from a hacker’s perspective. The team will do
everything and anything to breach an organisation's security, including but not limited to targeting
hardware, systems, software and even employees. This is vital as 95% of cyber security breaches are
still caused by human error, which means testing your employees’ responses to attack simulations is still
the most effective way to prevent serious data breaches.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.