As a small business, you probably don’t expect to be a target for cyber criminals. But with fewer employees and resources devoted to cyber security, your business is exactly what criminals look for. Cyber crime is on the rise and since the 2020 pandemic Amazing Support, an IT-consultancy, have found that more businesses are suffering losses from data breaches than before. In the UK, two in five businesses experienced cyber attacks last year, according to The Cyber Security Breaches Survey 2021.
The cost of cyber crime is high. For small businesses that suffer a loss of data or assets as a result of a data breach, the average cost of a single cyber attack is £8,460. With enough setbacks from such cyber attacks, your small business could go under. Cyber security is, therefore, not an afterthought for your business. Other alarming statistics from the UK’s Cyber Security Breaches Survey show just how vital good cyber security is for small businesses:
- 17% of businesses surveyed said they didn’t have up-to-date antivirus software.
- Only 23% of businesses said they had a cyber security policy that covered home working.
- The most common breaches in 2020 in the UK were phishing emails. Instances of outsiders impersonating organizations online, and viruses or other malware were the second and third most common breaches, respectively.
- 47% of businesses said their staff uses personal devices for work, but only 18% of those businesses said they had a cyber security policy covering how to use personal devices at work.
Which Industries Are Most at Risk?
Although cyber crime affects all industries and sectors, some are at a greater risk than others. Take a look at the infographic below for more information on these industries. Businesses operating these sectors tend to handle a large amount of data and may have outdated systems that are easier to breach. The industries that fit this description and attract the most cyber attacks are:
- IT & Telecommunications
- HR & Recruitment
- Manufacturing & Utilities
If your small business operates in one of these industries, cyber security should be a priority for you. What specific risks do companies in these industries face?
Healthcare is a high-risk industry for cyber security, and became more so during the 2020 pandemic. There are three major reasons small businesses operating in healthcare and individual healthcare providers make such good targets:
- Private patient information is valuable: Patient information, including medical records, addresses, and dates of birth, is highly sought-after by cyber criminals. They can easily sell this info, use it to open fraudulent accounts, or take out loans with it. Hospitals and even smaller clinics are troves of patient data, and the increasing digitization of health records has made this information more accessible.
- Medical facilities tend to use outdated systems: At many healthcare facilities, there’s a reluctance to switch to new technologies because of the fear it could disrupt patient care and working practices. Duo Security published a report stating that 82% of healthcare organizations still use Windows 7, an operating system so old that it can no longer get security updates.
- Healthcare data must be open and shareable: The quick exchange of patient data is vital to hospitals and small clinics, where multiple healthcare providers across different facilities may need access to the same patient’s information. Because there’s often an immediate need to share this information, many healthcare professionals don’t have the time to pay close attention to the devices they’re using, and whether they’re adequately secured.
IT & Telecommunications
Telecoms and IT companies are targets for cyber criminals for two main reasons:
- They build and operate complex networks: Telecoms companies keep the world connected, allowing email, messaging, and phone and video calls to take place. Bringing down these networks promotes chaos and disruption.
- IT and telecoms companies store sensitive data: With tons of sensitive information about their subscribers, businesses operating in telecoms and IT attract cyber criminals who want to get their hands on data that they can sell or use to impersonate customers.
Why are law firms attracting cyber criminals? There are three main reasons, similar to healthcare and telecoms:
- Law firms handle sensitive data: Attorneys have access to client information that could prove valuable in the right hands. They manage and store potentially damaging information about divorces, custody cases, corporate mergers and acquisitions, and intellectual property.
- The shift to remote working was challenging: Methods for dispute resolution and transactional work haven’t been updated for the digital age, so making these processes remote proved to be a security challenge during the 2020 pandemic. Most law firms didn’t have the systems to transfer sensitive data virtually and securely.
- There are no clear regulations: In the legal industry, regulations regarding data protection aren’t clear. As a result, many law firms have been slow to develop security mitigation plans or cyber security policies. This makes many firms both vulnerable to a cyber attack and slow to respond when they do suffer a breach.
HR & Recruitment
As a data-heavy industry, HR and recruitment is often targeted by cyber criminals as well. The major reasons small firms in this industry are vulnerable are:
- The HR department is an entry route to the rest of the organization: In small businesses, the HR "department” may just be one person. But the information that person manages can still put the rest of the business at a cybersecurity risk. By targeting HR with payroll fraud, recruitment scams, or malware, hackers can gain access to the entire organization.
- Candidate data is valuable intellectual property: HR agencies succeed or fail by the quality of their candidate data. It can take years to build up and nurture these lists, making them worth stealing.
Manufacturing & Utilities
The manufacturing and utilities industry has several reasons that make it a target for cyber crime. The three most prominent are:
- Manufacturers have intellectual property concerns: Manufacturing includes the automotive, electronics, and pharmaceutical sectors. These types of companies all deal with intellectual property rights which are incredibly valuable.
- There’s a low tolerance for disruption: Like the healthcare industry, manufacturing businesses hesitate to update their systems for fear of disruption. They use highly specific software packages which are difficult to patch against exploits, making them more vulnerable to attack.
- Manufacturing systems are outdated: In terms of technology systems, manufacturing lags behind many other industries. Among global manufacturers, only 24% have implemented smart manufacturing initiatives, and just another 22% are in pilot stages. Systems that have not kept up with modern security measures attract cyber criminals.
Final Thoughts on Small Businesses and Cyber Security
If your small business is in healthcare, telecoms, legal, HR, or manufacturing, then know that you have an increased cyber security risk. If your business is not in any of these industries, you should still take cyber security seriously. It always costs more cleaning up a cyber attack after the fact than it does to prevent it.
For more information, take a look at the infographic below.