Security expert Phil Cracknell explains why hacking should be on every SME’s radar – especially in light of the recent global WannaCrypt ransomware campaign.
It’s time to look at the bigger picture
Cyber wars are taking place every day. People are hacking governments to steal information and secrets in the same way we have spies and double agents. I have recently been on a 10-month assignment at a train company in the UK, who are going ahead with plans to move all of their signalling to the train cabins instead of a central signalling centre. Bring a cyber-criminal with a vicious motive and the ability to hack these trains into the equation, and you’ve got a very dangerous situation.
It will take a catastrophic event to lead to reform
My prediction for the future of hacking is that there’ll be a massive event that’ll lead to loss of life. Several terrorist plots involving cyber-crime have already undoubtedly been foiled, and it’s only a matter of time before one takes hold. There’s still a widespread disregard for cyber-security because it’s not in people’s faces yet. But an event like this would lead to major reform.
There’s an ecosystem of hackers we need to fear
There are many ‘smaller time’ hackers that do it more for the kudos it gives them in their network rather than aiming to carry out organised crime. But they’re still dangerous.
These opportunistic hackers are often groomed by other, more serious hackers who’ll tell them to attack a certain IP address. And the smaller-time hackers will do it because they believe they’re doing a valuable job in taking down a bad organisation or similar.
Small businesses aren’t immune to cyber-threats
SMEs need to remember that even though they’re small in size, if they’re part of a larger supply chain, they’re still vulnerable. Anyone that supplies to trains, buses, planes, energy companies or any other organisation considered critical to the national infrastructure could provide a way for hackers to get into where they want to be. Four of the biggest hacks in the world – Sony, AT&T, eBay and Target – were able to happen because of a third party supplier being compromised. And if enough small businesses were attacked it could threaten our country’s entire financial infrastructure.
Seek external help to keep your business secure
If you own a small business you probably don’t need to employ a security expert full time, but it’s wise to seek external help to guide you and check that you’re secure on a regular basis. It’s a good idea to seek specialist help and contract a Chief Information Security Officer (CISO).
Social engineering is often used
Imagine the scenario. A British Telecoms (BT) engineer turns up in full uniform at your business premises. They claim that your main phone line is down due to a problem in the area. You check the line – it’s dead. Your customers can’t get through to you and you’re losing money by the minute. How likely are you to let the engineers get on with their job and fix things? Hackers have been known to create crises for businesses, only to turn up and ‘save the day’ a few minutes later. What they’re really doing is getting potentially unlimited access to the business’s network.
Always be vigilant when giving out your details
To avoid being socially engineered, always be wary of who you’re giving details to, whether it’s on the phone, in person or online. If you receive an email with a link in it asking you to change your password for something like Facebook, don’t follow it. Instead, manually type the Facebook URL address into your browser and see if the website asks you to change your password that way.
Cyber insurance is going to change the world
Hacking activity is spread far and wide, and is being used for multiple different purposes across the globe, some of them very sinister. But it’s not all doom and gloom. This is why I think cyber insurance is going to change the world. I genuinely believe that if you’re a small business owner, cyber security should be up there at the top of your list of priorities. It’s not an optional extra, just like business insurance isn’t. And when you look at the bigger picture, you can see why.