If the cyber-security attack recently suffered by Deloitte proved anything, it is that hackers are not daunted by the size of a business. Deloitte is one of the Big Four accountancy firms and one of the world’s most successful companies, but in September 2017 it was revealed that the firm had suffered a cyber-attack and hackers had breached the company’s email system to steal confidential client data.
When you combine this with the fact that government statistics show that more than half of UK businesses suffered some sort of cyber breach or attack in the past year it adds up to a pretty clear message – you need to take cyber-crime extremely seriously in 2018.
If you are fortunate never to have suffered any sort of hacking attack or breach, it may be that you have very powerful defences. Alternatively, it might simply be that you have been extremely lucky. Either way, it is vital that you should be putting more resources into your security to ensure your defences are ready.
Cyber criminals are becoming more sophisticated
There is no doubt that the kind of threats that companies are facing evolve on an almost daily basis. While in the past, cyber criminals were typically individuals with an understanding of hacking technique, today we are more likely to see sophisticated operations with teams of skilled criminals taking part. This is mostly because cyber-crime offers more than it ever did in the past. Companies typically hold records of key customer data from email addresses to credit card details, all of which can be sold by hackers.
The techniques are more sophisticated too. Rather than just trying to crack a password to get in a system, modern hackers utilise phishing schemes and high-end software to find the weaknesses within a company’s defences so that they can exploit them. This means that you need to become more sophisticated too.
The value of managed detection and response
For small businesses who can’t afford the expense of a full-time IT department to manage their defences it can be daunting to face the kind of cyber-crime mentioned above. But it doesn’t mean that you have to face the prospect of being hacked without any help. Many cyber security firms offer managed detection and response (MDR) services.
This is an outsourced service in which professionals will monitor your system to help keep you protected against attacks 24 hours a day, seven days a week. MDR is far more valuable and effective than a simple firewall and can make a huge difference.
The service typically detects attacks before they occur, allowing you to stop the hack from progressing to the point where your system is breached and data can be stolen. Perhaps the best thing about MDR is that it is proactive rather than reactive – instead of dealing with the consequences of a hack you can prevent it.
Are you ready for GDPR?
It’s also worth noting that May 2018 will see the introduction of the GDPR – the General Data Protection Regulation. This is a European directive designed to improve the way that companies collect, handle and process personal data from their staff and customers. One of the major features of GDPR is that companies can face far more significant fines if they suffer a hack.
Once again it is worth dealing with a professional cyber security firm in order to take their advice and guidance, to ensure you comply with the new rules. Failing to do so will not mean you are more vulnerable to hacks, but also that your business will suffer at the hands of the regulators.
Could ethical hacking help your business?
If you have never had any form of ethical hacking carried out on your cyber defences, 2018 could be the perfect time. For those unfamiliar with the term, ethical hacking is carried out by cyber security professional who use the same techniques as hackers to attempt to penetrate your system. They will then take what they have learned about the vulnerabilities and weaknesses within your system and put it in a report. You can then use this information to improve your defences.
