How to protect your company from cybercrime

Tim Pat Dufficy of Serverspace discusses the most common weapon for hackers: the distributed denial of service attack.

Last month, the Federation of Small Businesses (FSB) announced that small and medium-sized enterprises are currently losing up to £800 million a year to cybercrime and each time an attack is committed it costs an average of £4,000. Cybercriminals aren’t just targeting the global corporate giants and government organisations; they have eyes for small businesses as well. For many ‘hackers’ it’s not about the money. It’s about proving they can do it. The view that ‘they wouldn’t target my business’ could prove fatal to those that can’t pay the costs of repairing the damage.

The most common attack that SMEs should be aware of is the distributed denial of service (DDoS) attack.

What is a DDoS attack and how does it affect a business?

A DDoS attack is possibly one of the most straightforward weapons in the hacker’s arsenal. Unfortunately the technology required to launch an attack can now be rented cheaply from cyber-criminal gangs, and the consequences can be devastating. The first DDoS attacks occurred during the late 1990’s and by 2000, retail sites were being targeted. Now, attacks of this nature occur thousands of times a day.

DDoS attacks are specifically designed to target websites by bombarding them with visits, effectively causing a bottle neck by directing high volumes of traffic to the site. The destination server is so busy with fake requests that when legitimate requests are sent, the server doesn’t respond. The average duration of a DDoS attack is between nine and ten hours, which is enough time to irreparably damage a business’ website.

Measuring the damage of cyber-attacks

We hear a lot about how the impact of downtime to a business can be devastating, but a cyber-attack on any kind of business, especially an SME, is not just a monetary one. Although the costs can be crippling, the reputational damage of having extensive downtime on your site can be detrimental to both a business’s short and long-term performance. In a competitive business environment, every minute the site is down could result in an exodus of customers to your competitors.

Damage can be assessed with the greatest of detail. For example, if your site accommodates advertising, and is hit by a cyber-attack, resulting in sustained downtime, the advertisers may question the value of promoting their products or service on your site. Even if they don’t pull the advertising they will reassess its value, which could cost the business a considerable amount of time and money to reassure them that the site will not suffer any additional attacks.

I think it’s a fair point to make that if your business relies on its online offering, for anything from sales to information about the company, then you need adequate protection. It shouldn’t be viewed as just another cost that SMEs have to tolerate; but as the most important protection to invest in.

How to protect your business from DDoS attacks

Mike Cherry, the FSB national policy chairman, said last month, ‘Many businesses will be taking steps to protect themselves but the cost of crime can act as a barrier to growth…many businesses will not embrace new technology as they fear the repercussions and do not believe they will get adequate protection from crime.’

This highlights the underlying problem that businesses face. Business owners find it hard to justify the cost of protection against cyber-attacks and there is little trust when it comes to the adequacy of such security.

Protection against attacks such as DDoS was once only available to large companies, with multi-million pound budgets, but there are now more affordable solutions for SMBs that won’t punch a hole in a company’s finances. Combatting DDoS attacks alone is virtually impossible for SMEs, so it should be a high priority to find a service package that includes DDoS protection. The biggest mistake a business can make is failing to recognise the severity of DDoS attacks.

Understanding why cyber-attacks are carried out is the first hurdle that SMBs need to negotiate. Recognising that hackers aren’t always driven by financial gain is really important for business owners to consider. Damaging a company’s reputation, its sales stream and simply proving that it can be done are all reasons why such attacks are carried out.

It’s hard to predict cyber-attacks as they can be initiated at any time, but there is protection available to SMBs that won’t cost a considerable amount of money and can be deployed and managed by a service provider with ease.

Further reading on cybercrime

dufficy

Tim Pat Dufficy

Tim was managing director of ServerSpace Limited, which was successfully sold to to the Iomart Group in 2014.

Leave a comment