SMEs at increased risk of Cyber Attacks as mission-critical organisational data is arguably facing more threats than ever before
There are more threats than ever to important data in organisations. Cyber-attacks, especially ransomware, affect both public and private sectors, with serious consequences. We often hear about attacks on big corporations or public bodies, but most of them are not reported. Why? Because the attackers target smaller and medium-sized organisations – the core of the UK economy. Official UK government statistics show that there are over 5.5 million of these businesses in the UK, who employ 61% of the workforce.
A joint effort by law enforcement agencies from 11 countries brought down the LockBit gang in Russia, a major ransomware group, in February. This reduced the number of attacks somewhat, but ransomware is still a big problem. Recently, Boeing, the Scottish Health Board, The British Library, Nissan and Stanford University are some of the organisations that faced high-profile attacks in the US and UK.
Reporting on high profile ransomware attacks keeps the issue in the public eye, but it doesn’t show the whole picture. It is not only big organisations that face cybercriminals’ attacks. Smaller and medium-sized enterprises have also suffered more often lately. These are seen as softer targets that probably don’t have the resources to spend on cyber defences as much as bigger enterprises.
How AI increases the ransomware threat
Cybercriminals are using AI to enhance their attacks. The UK’s National Cyber Security Centre (NCSC) stated in a report in January that AI will likely cause more and worse cyber-attacks in the next two years. The organisation recommends the widespread implementation of preventive measures to reduce the damage of this new threat.
AI increases the threat level because it makes it easier for bad actors to access. It will let even low-skilled cyber criminals do better information collection and victim selection. It can also help them find valuable data to inspect and extract, making security breaches more harmful.
The report says that by 2025, “People will have a hard time telling if an email or password reset request is real or not, or spotting fake or malicious attempts to trick them, because of Generative AI and large language models (LLMs).”
Recovering from a ransomware attack
All organisations need strong cyber-attack defences and plans for a worst-case scenario nowadays. But even with best efforts, ransomware attacks are still a persistent threat. They often work, because of human mistakes and the persistence of attackers.
Many organisations have changed their mindset to expect an attack, rather than prevent one. But the question then becomes, how will they recover? Luckily, there are many effective strategies that can be used to help recovery after a cyber-attack. Knowing these in advance will speed up the recovery process.
Some elements of a cyber defence strategy are:
Immutable data backups
These are data backups that cannot be altered or deleted, not even by administrators. Immutable backups ensure that data is safe from tampering and can be restored to its initial state. They will lower the risk of data loss in the event of a cyber-attack. They should be a key component of any cyber resiliency plan.
Becoming a cyber-resilient enterprise
At CSG, IT security is in the heart of everything we do. Cyber Essentials is a scheme created by the UK government to help businesses implement good practices in IT. It is not easy to achieve this certification, as it requires strict testing and evaluation. The certification will follow a set of standard controls that are designed to help you fight Cyber Crime.
“Government-backed, industry supported scheme to guide organisations in protecting themselves against common online threats” – UK Government.
There are two levels of Cyber Essentials certification, depending on your business needs; Cyber Essentials Standard and Plus. To get the Cyber Essentials Plus, you need to have the Standard certification first, and then move onto the Plus certification within a certain timeframe.
Why you should get certified
- Lower the chance of cyber attack
- This may meet the requirements of your supply chain or industry standards – Compliance
- Cut down insurance costs
- Demonstrate your organisation’s cyber security measures
- Enhance your organisation’s reputation
Second site data backups
A good way to protect data from disasters is to use a second site or a backup somewhere else. This is vital if an earthquake, or another big disaster destroys your data centre. With a good cyber resilience plan, you can also use backups on your premises to restore your site faster.
Whilst Microsoft provide protection against loss of service (resulting from hardware failures and/or natural disasters), and short-term protective measures in the form of the Recycle Bin, it provides no protection against deletion of data by employees (be it accidental or purposely), or encryption of data by ransomware and other forms of cyber-attacks. To combat this, and to ensure not only your data, but your emails are also backed up, CSG offer a managed MS Office 365 Backup solution that’ll protect your business should the worst ever happen.
Threat hunting
The act of examining backups and restored systems to find evidence of a cyber-attack, such as compromised servers from backup copies or restored servers, is an essential part of any cyber resilience strategy because it helps to determine the extent of the attack and to prevent any more harm.
A key feature of many effective cyber resilience solutions is proactive threat hunting, which helps you detect possible threats sooner and take actions to limit the harm and stop more attacks. This means actively looking for evidence of a cyber-attack, even if there is no sign of a compromise. It may also involve looking for evidence of unauthorized entry, abnormal network activity, and other clues that indicate a breach may have happened.
Comprehensive testing
Testing recovery processes is a key part of both disaster recovery and cyber resilience. For cyber resilience, it’s also important to ensure that restoration from a previous week or month is possible. As for the testing, it’s essential to test the processes for recovering from a local copy, a remote or a cloud copy, and to find out if different types of restoration processes can be done.
Becoming a cyber-resilient enterprise
The Cyber Essentials Standard Certification will involve a review of your IT environment and responding to a self-service questionnaire around the policies, controls and technology that is in place. The Cyber Essentials Plus certification process will involve a test of your network similar to a vulnerability scan, alongside a more thorough assessment. This assessment will focus strongly on workstations, network and also mobile devices. Your business must hold up to differing technical security controls.
Once you have gained your certification its important you keep up to date and are working to the key measurements. That’s where CSG can help and our team will help guide you through the annual renewal process to maintain the ongoing certification status. CSG offer a managed service that can monitor your organisations compliance against the scheme and provide ongoing changes and support as required.
CSG has helped hundreds of organisations achieve their Cyber Essentials and Cyber Essentials Plus certification, get in touch with the team today to find out more.