This week, the British government’s Information Security Breaches Survey 2015 has been published, and its findings are alarming.
The average cost of the most serious cyber attacks against large businesses now starts at £1.46 million. That figure has risen from £600,000 in 2014.
However, big businesses are by no means the only targets of cyber attacks. The survey showed that the most severe breaches amongst SMEs is now, on average, between £75,000 and £310,000. 74% of small to medium sized businesses reported an information security breach with 30% suffering staff-related breaches.
In a bid to help businesses protect themselves against cyber threats, the government have released a free guide outlining security measures that businesses can implement.
Cyber attacks can take many forms, but there are three main types of threat to be aware of.
Theft of information is potentially the most costly kind of breach and it’s a huge concern for business owners.
Cyber thieves may target:
- Customers’ payment details
- Usernames and passwords to customer accounts
- Customers’ personal information including phone numbers and physical addresses
In 2014, a number of cyber attacks on large companies such as Domino’s Pizza and Feedly involved hackers stealing sensitive data and then blackmailing or extorting their victims for the return of the information.
Disruption of Business Activities
This is a very broad area covering a variety of tactics used by cyber attackers to disrupt, inhibit or in some cases completely derail a company’s ability to do business.
Though the crime is perpetrated in the digital realm, the consequences can bring real world business activities to a grinding halt, potentially affecting point of sale terminals in retail outlets and staff computers.
Examples of this kind of cyber attack include sabotaging a business’ website or hacking into company computers and deliberately corrupting important files or software so as to render them unusable.
In some cases, cyber attackers try to diminish the ranking of their victim’s website with so-called “negative SEO” tactics. This commonly involves targeting the website with “spammy” or disreputable links causing it to slip down the search engine results pages. This results in a loss of search traffic to the affected website, which is particularly damaging for online businesses relying on search engine traffic to drive sales. This tactic has been known to be employed by unscrupulous business owners in an attempt to undermine their competitors and steal search traffic.
Defamation can be aimed at the reputation of either a business or of an individual associated with the business. Cyber defamation refers mainly to disparaging comments made via online platforms. These comments can be posted in the comments section of websites, on social media channels or even on online review sites. Distinct from negative customer reviews, true defamation is designed to bring a business or an individual into disrepute in an attempt damage sales.
We are seeing an increase in specialist companies experienced in addressing cyber crime and if you find yourself the victim of a cyber attack, it is wise to seek both technical and legal advice. However, prevention is far better than cure, and all businesses with an online presence should consider taking adequate steps to protect themselves and bolster their online security.