There was new research from the Home Office led Cyber Streetwise programme last week.
The latest poll shows that only 16% of small businesses in the UK said that improving their cyber-security was a โtop priorityโ for 2015. 66% of businesses โdonโt consider their businesses to be vulnerableโ and more than three-quarters donโt understand the new cyber security threats.
Depressing news? Yes, but itโs hardly unsurprising to those of us at the โcoal faceโ of the Infosec industry.
I was talking to a customer recently who runs a micro-brewery based in the UK. The real ale industry is not the first business type that springs to mind when people discuss typical industries under threat of a cyberattack.
My customer mentioned that he had heard an interesting story in his circle โ another contact had been approached by an ex-employee of a neighbouring brewery. Would the contact be interested in someone gaining access to the CRM system and network of this big competitor – for the right price of course?
The microbrewery industry has seen a huge growth of the last five years, with many new entrants into the market, some powerfully established big players and a growing base of trade and retail customers.ย Itโs such a tight and competitive market, that the offer of any unauthorised information would be like gold dust to the right person, someone who had a desperate need for this intelligence to improve their competitive advantage.
Apparently the brewery business declined the offer. And my customer hasnโt heard anything since, but assumes the authorities alerted and the competitor informed.
This idea of a โhacker for saleโ, โmercenary hackerโ or โespionage as a serviceโ (EaaS) is usually referring to highly organised criminal groups, who have high levels of skill and are able to evade discovery by a variety of specialist skills. According to Jeffrey Carr, president and CEO ofย cyber securityย firm Taia Global, who has written a report on the subject,โthe low risk of discoveryโฆand growing demand of their services ensures that the EaaS threat actor will flourish in the coming 12 to 24 months.โ
But, as the anecdote reveals above, small businesses and regional and national manufacturers are also at risk of the same type of hacking attack, if on a much smaller scale.
Small businesses are not taking the most simple of security measures โ many clients are completely oblivious to the fact that they HAVE been hacked in the past, and they also have no way of knowing what information has been stolen, and how far it has been disseminated.
Any business that has confidential information (and who doesnโt?) is at risk from cyber criminals โ maybe disgruntled employees or other hackers who are after an easy way to earn a quick buck. This new type of โthreat actorโ needs to be publicised to the small business community.
Companies are obviously wary of publicising the fact that an attack has been attempted or been successful. If they openly shared this information with the authorities and within their trade โ it would bring a much higher profile to the risk of cyberattacks, and destroy some of the old myths continuing to dog the cyber security industry.
The Cyber Streetwise programme discovered that 22% of small businesses still believe the myth that small companies aren't a target for hackers. Again, as we show over and over again, the truth is that small businesses are a bigger target than ever because they typically hold far more data than the average consumer, but often don't have any additional preventative measures in place to protect themselves. Last year 33 percent of small UK businesses suffered a cyber-attack from someone outside their business. As suppliers, they are also a route in to larger companies.
And as for the microbrewery? I asked my competitor to check with his circle of contacts to find out the actions that have been taken by the authorities and industry to prevent another โmercenary hackโ offer. Iโll keep you postedโฆ
Next week โ A little voucher makes a big difference – a quarter of small businesses think that cyber security is too expensive to implement โ how innovation vouchers may help SMEs to overcome this stumbling block.