Decoding Online Social Engineering: Revealing Tactics and Strengthening Defences
If you are a decision-maker within a business, you must be aware of the risks that social engineering can pose to your organisation...
Did you know that one small business is successfully hacked in the UK every 19 seconds? And yet not every company takes the time to invest in a solid cyber security strategy. Now more than ever, businesses need to understand that cybercrime is a very real and very pressing threat while also taking strides to protect themselves against it.
Published on
23rd March 2022
Share this Blog post
Hopefully, by the end of this article, you’ll understand precisely what cybersecurity is, and why your business should invest in it.
While writing this article, we teamed up with James Bore from CoffeeFueled and Lisa Ventura from CyberGeekGirl to gain some more industry-specific insight into cybersecurity.
What is cybersecurity?
In its simplest form, ‘cybersecurity’ refers to the practice of defending against digital attacks or harm. Cybersecurity, usually implemented in a strategy, can take the form of a series of procedures, training, specialist technology, and programmes that repel malware and the efforts of cybercriminals.
For businesses, cybersecurity is essential, as it can protect an organisation from losing money, sensitive data, and, perhaps most importantly, from losing its reputation with its customers.
While cybersecurity breaches can take many forms, cyber attack is usually aimed at gaining confidential information, extorting money from users, disrupting a business's operations, or corrupting data.
Since cybersecurity threats are getting increasingly sophisticated and ever more dangerous each year, it has never been more critical for businesses to learn about cybercrime than it is now. What’s more, there has arguably never been a more pressing time for businesses to invest in a decent cybersecurity strategy.
Let’s find out some more about cybersecurity with help from James and Lisa.
What is the biggest cybersecurity threat facing businesses today?
When asked about the range of cybersecurity, Lisa told us that businesses are “often overwhelmed by the sophistication, volume, and impact of breaches”, and we’d have to agree. Just the sheer amount of cybersecurity threats is itself a threat, we’ve come to find.
Small businesses especially may find themselves easily overwhelmed by just how many scam emails, social engineering attempts, and phishing schemes they have to fend off, leaving them vulnerable. Cybercriminals are always coming up with new and improved ways to infiltrate a businesses’ defence systems, which is why it is important to constantly assess your cybersecurity through methods like penetration testing.
Penetration testing is essentially a simulated cyber attack on your company’s site that allows you to identify your weak areas with no actual damage done. You can find more ways to assess your current systems on the ITRM website.
Lisa listed a few of the top threats that businesses in all sectors (and of all natures) are susceptible to, which are as follows:
- Ransomware
- Supply chain threats
- Attacks on the critical and national infrastructure (CNI)
- Threats to the cloud
- And threats to external remote services
James also added: “Currently, our biggest challenge is the lack of understanding over just how big a problem cybersecurity is. While headlines are seen with the major cases where they impact major companies, the vast majority of incidents affect small businesses and individuals.”
And James is right. Returning to the statistics at the start of this article, it becomes clear that businesses of all sizes are impacted by cybercrime.
Has working from home affected cybersecurity?
On the one hand, the increase in working from home has created a need for diversifying cybersecurity strategies. However, on the other hand, greater levels of remote working have revealed gaping holes in the current cybersecurity systems for many businesses.
James observed how “many companies have been forced to confront that their cybersecurity was lacking, and required different approaches when the classical network boundary no longer exists”.
Perceptively, James also added that “companies which invested early in remote working capabilities have shown much more resilience than those who were racing to implement them over the last two years”. And it’s true, well-thought-out cybersecurity strategies that have been a long time in the making perform much better than rushed attempts.
Lisa agrees, claiming that without being in the physical workplace, we are “more vulnerable to cyber attacks without the security protections that office systems afford us – such as firewalls and blacklisted IP addresses”.
Putting it simply, working from home has necessitated a great reliance on technology to perform tasks that would otherwise be conducted on paper or in person. And, as Lisa says: “If something’s on the internet, then there’s always the possibility of a cybercriminal compromising it.
“Cloud documents, emails and attachments, instant message clients and third-party services are all vulnerable – and with so much information being shared digitally, the attack surface has grown much wider.
On top of this, employees may use their personal devices for two-factor authentication, and they may well have mobile app versions of IM clients, such as Teams and Zoom. These blurred lines between personal and professional life increase the risk of sensitive information falling into an insecure environment.”
What can businesses do to protect against cybercrime?
With all that being said, it seems that businesses nowadays have their work cut out for them if they wish to keep their information secure. So, what can organisations do to reduce their susceptibility to cyber attacks?
Lisa gave the following advice: “Sharing cyber security advice, education, and raising awareness are the most effective ways of reducing the vulnerability of businesses to the most common types of cybercrime. Making a few simple changes can help prevent you from having an attack or a breach, and can also help you recover more quickly should you become a victim.”
While James added that businesses should “speak with an independent expert to get assessments of where you are, the largest problems I find in companies are where they have written cybersecurity off as purely an IT problem, and not looked at it again. Having an independent assessment can help avoid this before it becomes a serious problem.”
And that brings it all conveniently back to us — thanks for the segway, James!
Here at ITRM, we provide a comprehensive range of IT consultancy services. We can assess your current cybersecurity systems and recommend changes to keep your organisation’s data secure.
So, if you’re a business looking to fight against cybercrime, get in touch with one of our experts today, and we’d be happy to help. In the meantime, enjoy our blog, or visit James’ or Lisa’s too!
