Cyber Security for Business Owners - How Cyber Attacks Have Evolved

Life Before the Internet

Baby boomers, Gen X'ers and Gen Y'ers are the last generation to grow up without the Internet as a primary part of their lives. As many of the business owners of today are from those generations this can present problems in our understanding of IT and particularly the threat of cyber attacks.

WarGames Starring Matthew Broderick

Most of us have seen the film "Ferris Bueller's Day off" staring Matthew Broderick, but a couple of years before he was "Ferris Bueller" Broderick was "David" the teenage hacker in the film Wargames. The premise of this film if you haven't seen it is that a lone genius hacks into the Department of Defence mainframe for fun in advertently almost starts World War III ultimately this was the way many of us imagine hacking. The problem is that film was released in 1983, over 4 decades ago! And a lot has changed since then.To understand our specific issue (I'm from gen X and grew up with a keen interest in home computers becoming the proud owner of a ZX Spectrum in the 80s and now own three tech businesses), we need to remind ourselves that we naturally think about things from our own points of reference. As we have moved through the decades and adapted and changed our businesses to thrive and survive we have recognised change and reacted to it, but we are also naturally use to a certain “average” pace of change and our generations problem with cyber security is that we tend to think about it being more like the type of attack fictionalised in "Wargames" than todays reality.

The Evolution of Cyber Attacks

While a lot has changed since 1983 "hacking" has kept below the radar and as in the film has been the preserve of clever people often working alone (I.E. for most of its time it couldn't go mass market) but in the last 3 years two things have changed that, Artificial Intelligence (AI) and Organised Crime (OC). With the prolific rise in the ability and use of AI the first, vulnerability probing stage of a cyber attack is done not by humans but by AI, meaning many many more initial attack can take place than before leaving the human hackers to focus on the easy pickings AI finds, the second change, the involvement of OC is about that age old draw for criminals, money, Criminals can make tens of thousands of pounds from a single hack.As this has been realised financial backing has flooded into hacking with the prospect of returns Wall Street and the London Stock Exchange would go crazy for (if it was legal). Our perception of the threat needs to change, its no longer a "hobbyist" cottage industry, cyber attacks have been industrialised scaled up to the point that hacking attempts are now very frequent and getting more so.

I Don't Need Cybersecurity - They Aren't Interested In Little Old Me!

The other miss-conception we often have is what I like to call the "they aren't interested in little old me" attitude. Sadly that may have been true a few years ago but now its just wrong, wrong, wrong!!!The thing is the AI bots scanning for vulnerability aren’t that clever they hit every business and router they can and try to get a foothold, it’s not worth their effort trying to figure out if you're an multi-national or Janes Butchers, using a car analogy, think of car theft, often car thieves they will just try every car door handle on a street until till they find a car that's unlocked and then take what they can. They are known as opportunist thieves these kind of hackers are the same, they are using AI to try all the doors and see what's open. Once they are in then they assess what they have got and ransom you accordingly.If they are successful there's a good chance you will pay to undo the damage the hacker will cause, still think that's nonsense? Imagine you can’t use your computers, your staff can’t work and your customer records are gone, would you pay £20,000 or more to fix it? Would you have a choice?Ultimately hackers no longer care who you are or what's in your computer they just know there is a value to you of several thousand and every "hit" for them is several thousand pounds income for the criminals.

The Cost of a Cyber Attack

The average cyber attack costs businesses tens of thousands of pounds for example ransoms are often around £15,000, there’s also the IT company charge to put it right and scan the system which can average £5,000 to £20,000. There's the cost of a fine from the information commissioner who you legally have to inform and the cost of informing (by mail, how much is a stamp alone!) every person whose details you may have had hacked – so you have to tell your customers and that has obvious reputational damage and future business damage. None of the above includes the cost of not being able to trade while you are off-line which can run into weeks. So the impact of a cyber security event on a business can be terminal – and to be clear I mean it can destroy your business, for many of us, our life’s work.Doom and Gloom? Maybe but it is a reality and it’s going nowhere soon, the threat to the business is as real as burglary and most of the time far more devastating. As CEO’s MD’s Operations Directors and so on our first duty legally and morally is "to protect the business", so the question becomes, "What can we do?" "what provides a reasonable, commercially sensible level of protection against this new threat to our livelihoods and the livelihoods of every employee and shareholder in the business?".

Protecting Yourself Against Cyber Attacks

The good news is you can take sensible precautions and hopefully your IT provider is geared up for this and should already be talking to you about it.

What you need is insurance and protection, otherwise known as risk mitigation, its better to not have an attack but if you do have one you need to be covered, for the insurance the right package will cover all of the costs we have already discussed but like with driving a car you are only insured if you are doing the right things – you have to have a full driving licence, you have to MOT the car, you have to be clean of drink and drugs and you have to drive using due care and attention, in other words the insurers require you to mitigate the risk. Cyber insurers are exactly the same.

So the two steps are:

Number 1. LOCK your IT door!

In the cyber world this means firewalls, antivirus, zero-hour threat protection and so-on, software which can use AI to protect you. Some simple solutions can be found but like fixing your car these days they are so complex you should always use a professional. (Shameless ad here) that’s exactly what we at AdaptiveComms do in our Cyber package for client. Billed on a per user per month “all in” basis its proved a very popular option since its launch.

Number 2. Insure!

In the event the worst should happen don’t let your life’s work go down the pan! Make sure you’ve got the financial muscle to cover it.

NB you can’t insure without step 1 and you shouldn’t have step 1 without insuring they are intrinsically linked and please remember just like car insurers you need to have locked the door to make a claim.

Take Control of Your Cybersecurity Today!

AdaptiveComms is a IT Support and First line of defence Cyber Protection specialist get in touch if you’d like to discuss your set-up. There are also a great range of insurers out there and its worth speaking to a specialist to get the right cover, if you don’t have a broker we can put you in touch with a couple.______________________________________________________________________________________________________________________________________Written by James Brayshaw, AdaptiveComms CEO