SMEs are still not taking cyber threats seriously

By | 26th July 2016

Chart courtesy of

According to the latest research by Barclaycard, UK’s SMEs are failing to protect themselves from the growing threat of cyber crime. The research found that 48% of the surveyed businesses suffered at least one cyber attack in the past year and 10% experienced more than 4 attacks in the same period.

Only 13% of the responders were confident that they understood enough about cyber crime to protect their business and only 15% were very confident that they had adequate protection measures in place.

This is a dismal state of affairs that every SME owner and director should seek to improve on.

SMEs often just look at their computer systems and digital assets and perceive them as not “attractive” to cyber criminals. Having adequate data backups and basic antivirus software is considered to be sufficient defence. Although the average SME is unlikely to become a target of a determined hacker, there is always the threat of a malicious insider or a recently fired employee/contractor.

But the most underestimated threats are the malware payloads delivered over email or infected websites, or even via consumer-grade broadband routers and Wi-Fi access points riddled with security vulnerabilities. Infected mobile devices, including personal smartphones, can also spread malware, if connected to the business network.

Modern malware no longer simply seeks to cause damage, it wants to make money from your systems and digital assets. It will therefore keep a low profile until its aim is achieved. It may encrypt your data and then demand a ransom or it may quietly observe all that’s going on on your network, look at every interesting file, capture screenshots and keystrokes, looking for personal information, financial information, credentials to your own systems and to any other system you connect to from work. Finally, your computers can be silently joined with thousands of others in being ready to attack high-profile internet targets in what is called a Distributed Denial of Service attack (DDoS). All of this is fully automated and doesn’t require any intervention from the cyber criminals that are disseminating the malware.

If not sufficiently protected, you may find that your organisation was infected only after the malware had fully accomplished its “mission”. This could be a simple demand for just a few hundred pounds of a ransom to unlock your data or worse, your business account could be cleaned out. The costs can be high, and may come from unforeseen angles, such as reputational damage and legal liabilities when sensitive data belonging to your customers is released.


Leave a Reply