Cyber warfare. The idea of the battle between businesses and thieves taking place on an intangible platform is one that’s not only hard to grasp in the first instance, but that’s moving so quickly we’re all struggling to keep up. We decided to take a look at this hot topic at a lunchtime meeting.
We invited Graeme McGowan, an ex-intelligence officer now running his own cyber security consultancy, to talk to our members about the very real dangers these threats can pose, from the smallest of businesses right up to large multi-nationals. The first thing he drew our attention to was the fact that there is no business too small to be of interest to hackers. Whilst you may not think your SME would be a primary target for hackers, you could be their route into some of the biggest businesses in the world – particularly if you are a supplier. By targeting these companies, hackers can then ‘piggyback’ their way across companies, before finally reaching their true target.
Bearing this in mind, we were then quite shocked to learn the true extent that cyber-crime damage could cause. With 93% of large corporations and 76% of small businesses having reported a cyber breach, losses as a result are expected to hit £130 billion. With methods ranging from the well-known (phishing emails and backdoors) to the novel (botnets using the processing power of your smart TV), the ways hackers can attack you seem limitless.
The most interesting part of this seminar, after hearing about the threat of digital attacks, is that often the way these attacks take hold is a result of human error. No matter how stringent your digital security is, it’s very easy to have it undermined (whether accidentally or by malicious intent) by an employee. It just takes someone in the office to let the “accountant from upstairs” borrow your Wi-Fi password, or leaving a guest unsupervised in a meeting room with an Ethernet port to have your network at risk. I do know of a company whose cleaner plugged a keylogger into a PC which captured everything anyone typed into the computer (including passwords – easily identifiable from the rest of the keystrokes by their random mix of letters, numbers and capital letters – something to think about!).
You might have what you think is an impenetrable digital security system, but have you educated your staff to make sure they understand the attacks that could be aimed at them? Have you vetted your cleaning company? Do you know who you’re allowing to access your systems?
Who would have thought, that by attending a seminar on what I thought would be based solely in the digital universe, I’d end up thinking more about the physical weak points of these intangible threats.
I’ll leave you with this final thought…
Written by Becky Dodds