How to counter the cyber threat


By Chris Ross, SVP International at Barracuda Networks

Ransomware use has exploded over the past year or so, particularly in the UK, simply because it works and is an easy way for cyber criminals to make money. And many businesses are aware of this fact. 

However, what many smaller businesses get wrong is that they assume they’re not the ‘real’ targets. A misconception we hear regularly is that small and medium businesses (SMBs) are unattractive targets because attackers would rather spend their time going after large enterprises.

But this misconception is far from reality. If anything, SMBs can be more prone to attacks as they’re assumed to be resource-limited and have less IT-savvy employees. And we’re not just talking about your common phishing email or basic malware attack. 

Today, everyone is at risk from a ransomware attack, no matter how big or small your business is. It’s become the number one threat to businesses today, with many firms having to pay the ransom simply because they don’t have the defence systems in place to avoid doing so.

In a Barracuda survey conducted in 2017, 80 per cent of UK SMBs confessed that their revenue would be impacted by a cyber attack. And with cyber threats constantly evolving and attackers continuously creating more powerful and sophisticated exploits, things are only likely to get worse. 

Without the budget of larger organisations, it is vital that smaller businesses use their limited resources in the best possible way. Keeping business-critical data safe is no easy task, but it is imperative in order to avoid falling victim to the next attack. 

By following these simple steps, small businesses can reduce their chances of becoming an attacker’s next source of income:

Educate users

There’s clearly a lot of work to be done here: from our survey, 5 per cent of UK SMBs think they don’t need a cyber attack plan and 9 per cent view cyber security as a hindrance. 

User education is key for preventing malware such as ransomware from entering the network. Our research shows nearly three quarters (74 per cent) of ransomware attacks entered via email, often via social engineering attacks. Phishing and spear phishing attacks continue to become more sophisticated, with even IT-savvy users being fooled. 

Employees are often the last line of defence – especially when it comes to social engineering attacks – and training your staff is just as important as installing the right technologies. With simulation training, organisations can expose their employees to the current real-world cyberthreats without the risk. This will teach them which signs to look out for and how to respond appropriately. As well as reducing the success rate of social engineering attacks, these tools can provide useful data on which employees are most at risk and, therefore, where to focus your efforts.

Effective user training can help prevent a lot of attacks, but keeping out the 26 per cent of attacks that don’t enter via email requires a combination of effective perimeter filtering, specially designed network architecture and the ability to detect malware that may already be inside the network.

Update systems regularly

It only takes one area of vulnerability to leave the backdoor open on a network. Last year’s WannaCry attack highlighted the importance of keeping up with routine patches. Small businesses tend to be slower to implement patches, making them a huge target for similar attacks.

Protection and prevention are key in the new age of sophisticated and super targeted attacks. Some organisations still have a long way to go in terms of prevention, as our study showed 30 per cent of SMBs do not have a cyber attack plan in place at all, even though smaller businesses can be seriously disrupted by an attack of this nature. 

A powerful advanced threat protection strategy should enable small businesses to easily detect and prevent threats within the network. However, it is inadvisable to keep all of your eggs in the prevention basket. The reality is that unfortunately we should no longer prepare for ‘if’ we get attacked, but ‘when’. 

Backup business-critical data often

Cyber attacks are inevitably going to get in, simply due to the volume of attackers out there and the level of sophistication they employ. Although we can do our best to keep them out, we cannot be naive enough to think we can always prevent them from getting through. 

Ultimately, the key is balance. SMBs need to adopt a prevention and recovery system rather than one or the other. A sophisticated threat protection strategy will allow organisations to not only detect but also prevent threats within their networks. A reliable backup solution will then enable you to restore business-critical data so that business disruption is minimised, provided you test the backups regularly. If you do fall victim to an attack, you can simply restore from the most recent backup set to get up and running again within minutes.

The reality is no one is invincible and anyone can fall victim to an advanced threat at any time. As data regulation has been tightened, data breaches will not only undermine your customers’ trust in you – which is concerning as lots of smaller businesses depend upon customer loyalty – but also very easily impact a business’s bottom line. Increased fines for failing to comply with new regulation may well leave a sizable dent in your business.