Cyber attacks can be incredibly disruptive to your business. While media attention to cybercrime focuses on larger organisations, it’s important to remember that the vast majority of cybercriminals are indiscriminate – any company that works online or sells online is a potential victim.

We often hold an image in our heads of cybercriminals as using sophisticated and expensive equipment, the reality is often free and simple. Common techniques used by cybercriminals today include:

• Phishing – where hackers send emails in an attempt to gain sensitive information or encourage the recipients to visit fake websites to extract data.
• Ransomware – this is deploying malware that will encrypt and delete your data. Often used as a tactic to extort money from companies, with a promise of returning your data (which is not always the case).
• Impersonation – hackers set up a false website or compromise a legitimate website to exploit visitors.
• Scanning / Social Engineering – searching the web for vulnerabilities of companies or individuals to exploit.

To combat all of these threats, businesses should always consider having a cyber security plan. The most disastrous of these threats is ransomware, this can be truly devastating not only financially, but have a major impact on your mental health.

Examples of cyber attacks recently

in 2020, Redcar and Cleveland Borough Council's website and computers at the authority were attacked. This attack saw more than 135,000 residents go without online public services for nearly a week, as their council struggled with a cyber-attack.

You may have seen in November of 2020, that Manchester United announced they had been subject to a cyberattack that targeted their systems. Cybercriminals launched a sophisticated operation that caused an IT disruption, involving highly sensitive information about the club.

Before launching ransomware attacks, cybercriminals can spend days, weeks or months inside a victim’s network, working to identify their defences and assess what the organisation could be worth, so they can maximise the impact of the attack.

As remote working from home increases, businesses have an increasing reliance on technology.

Planning for a cyber attack should be considered just as – if not more – important than planning for a flood, fire or other disruption. Business continuity plans should be stored offline and regularly updated and tested.

Ransomware attacks typically occur through one of three paths: software vulnerabilities, phishing emails, and remote desktop access. Your business often won’t know the exact route a cybercriminal will take to attack your business, by planning you can help mitigate the fallout by examining your cybersecurity strategy.

Stats from the latest Cyber Security Breaches Survey

The Government’s Cyber Security Breaches Survey reported in 2022 that just 34% of businesses have continuity plans that mention cyber security and only 17% have completed an audit of their cyber security vulnerabilities.

Understanding how your business will react to a cyberattack is more important than the scenario being a perfect match to your plan.

Whilst cybercriminals are continuously developing their skills and using more sophisticated tools – especially with new technologies such as AI and the Internet of Things. Remote workers remain a key target, alongside vulnerabilities in unpatched servers.

It is more important than ever for your business to have a cyber security plan in place.

To help businesses we have created a Cyber Incident Response Pack, which contains documents to help support your business plan its response to a cyber incident. These documents are designed to complement any existing plans or assist you in creating one.

Contact us today to talk through your needs and learn more about our affordable memberships and security services.