Should business executives and SME owners be concerned about cybercrime?
The short answer is yes and no.
Allow me to explain.
Hackers do exist. You will know this from experience given the number of suspicious emails you receive alongside the dearth of spam arriving in your inbox.
It also feels like a large corporation suffers a data breach every week – as reported by the mainstream media. Statistics back this up. It is estimated that globally, around 30,000 websites are attacked every day.
But fortunately, most of these attacks are harmless. This is clearly evident from the GDPR enforcement tracker. Between July 2018 and January 2023, you will find that 1437 penalties have been awarded by the Information Commissioner’s Office in relation to a data breach.
That’s well below the 30,000 daily attacks. Moreover, practically every major data breach reported by mainstream media mentions the attack originated from a ‘state-sponsored’ group of hackers.
It’s no secret the government and larger corporations use ‘ethical hackers’ to protect their national borders and their intellectual property. The individuals they employ are at the top of the game when it comes to hacking.
In addition, the majority of malicious code used by hackers targeting SMEs and members of the public is already known to cybersecurity providers. The codes are captured by their antivirus software.
This is one of the reasons why the majority of cyberattacks are unsuccessful. A 2019 study shows that antivirus software captures between 90% to 98% of malicious codes in circulation.
Hackers, of course, are always looking to innovate to stay ahead of the curve. But this 2-10% of unknown code is more likely to be used to target multi-million dollar companies and not your run-of-the-mill SME.
Cybersecurity firms report that around 90% of data breaches are caused by employees. The most likely scenario is that an employee clicks on a malicious link in a spoof phishing email or downloads a pdf from the internet that is infected with malicious code.
In the last year, other covert tactics have surfaced such as dropping malicious files in Microsoft Teams and using trojans like snake keylogger that are difficult to detect. The adoption of hybrid working and BYOD also makes SMEs more vulnerable.
Yet all these issues can easily be avoided if your staff know where cyber threats come from and how to detect them. One of the most efficient and cost-effective ways of securing your business network is to train your workforce about cybersecurity and provide regular updates on the types of techniques malicious actors use to target businesses and home networks.
Whilst the threat of cybercriminals is a real and present danger, it’s unlikely that SMEs are in that much danger of suffering a data breach. Providing you have taken the most appropriate steps to secure your business network, cybercriminals are not worth losing sleep over – regardless of what mainstream media want you to believe.