Why are SMEs targets for cyber criminals?

            Why would hackers be interested in breaking into your organisation, when there are multi-billion dollar
            companies or governments to hack? It’s certainly a valid question. We always hear about it when a huge
            organisation is broken into but rarely when it happens to small businesses.

            The truth is it does happen - and far more often than you might think. In fact, there were over 400,000
            reports  of  fraud  and  cyber  crime  in  the  UK  last  year  alone  (Source:  NFIB  Fraud  and  Cyber  Crime
            Dashboard) and in 2021, UK businesses lost more than £736 million to hackers (Source: Cyber Crime
            Cost UK £2.5bn in 2021 (Holistic.iT)).

            Hackers will often target smaller businesses because there is less sophistication in their security systems,
            and they are easier targets. In fact, some statistics say that SMEs are three times more likely to be the
            victims of cyber crime than large businesses.



            What is PEN testing / ethical hacking, and why is it important?

            Through a targeted attack simulation, a penetration (PEN) test can take your business safely through
            real-world attack scenarios, allowing you to find and fix vulnerabilities before attackers can exploit them.
            You then receive a complete accredited report, which can be submitted to cyber insurers.

            With cyber crime on the rise, cyber insurance claims have also seen an unprecedented increase, but
            many companies are finding that their current insurance packages simply aren’t covering them. They
            have had claims refused on account of neglecting basic virtual security, and with so much uncertainty,
            obtaining comprehensive cyber insurance is becoming more and more difficult.


            So, what can you do to make sure that you are protected? Start by viewing virtual security the same way
            as you view physical security. Cyber criminals will often look for openings in systems like burglars walking
            down a street, knocking on all the doors until they find one that has been left unlocked. You wouldn't
            dream of leaving your doors and windows unlocked so why do the equivalent virtually.



            Red teaming – testing defences where the physical world meets the data world. Why does this
            matter?

            Red teaming is like a PEN test in the sense that it is a simulated attack on your system. Where it differs,
            however, is that with a PEN test, the goal is to identify all the vulnerabilities and provide targeted solutions.

            Red teaming really allows you to view a cyber attack from a hacker’s perspective. The team will do
            everything  and  anything  to  breach  an  organisation's  security,  including  but  not  limited  to  targeting
            hardware, systems, software and even employees. This is vital as 95% of cyber security breaches are
            still caused by human error which means testing your employees’ responses to attack simulations is still
            the most effective way to prevent serious data breaches.








            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         166
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.