In May 2017, Cyber security Malaysia confirm the “WannaCry” ransom ware attack spread across Malaysia. The attack, which locks computers and holds users’ files for ransom reported to hit 200,000 victims in 150 countries. The National Health Service reported the massive ransom ware attack shut down work at 16 hospitals across the United Kingdom. Hackers threaten to delete patient records and other critical files if hospitals don’t pay them.
While larger companies have resources to address cyber security issues, MSMEs companies often do not. Usually, a business owner or his immediate family members handle many different roles within the SME business. They couldn’t implemented proactive security measures due to budget constraints, poor governance, lack of security policies and controls, lack of employee awareness and lack of information technology knowledge and resources to hire that knowledge, many SME businesses are at a great risk of having their systems compromised.
SMEs HAS THE INFORMATION HACKERS NEED
Many SME owners neglect the need to implement cyber security protection measure as they in opinion; they don’t have any valuable information. Information Security Breaches Survey found that 60% of small businesses had suffered a security breach.
Hackers are aware of this false sense of security, and increasingly exploit SME businesses’ lack of preparedness and security expertise. Make no mistake: if you’ve got a website, you’re vulnerable.
Some criminal hackers are motivated for cash; they gather online banking credentials, customer and employees’ information and other statutory information. Even if you don’t store financial information such as customer payment details, the data you do hold such as employee payroll details, proprietary data or client information has a value to someone. Dell SecureWorks found that the black market for hackers’ data is booming.
ANTIVIRUS SOFTWARE IS NOT ENOUGH TO PREVENT CYBER ATTACK
Security software like paid antivirus software has historically been the go-to solution for users wanting to protect themselves from cybercrime. Don’t misunderstand; you need what protection it does offer, antivirus protection is essential. Unfortunately, the protection provided is often significantly less than most people including SME business owners realize, which is why so many people using antivirus software find themselves with malware infected computers.
Some limitations of antivirus software
- the software may stop many of the malicious attacks on your computers as long as you keep them up to date, but it gives a false sense of security and does not educate you on how your actions influence the cyber-attacks made against your business.
- It doesn’t stop the insider threat of someone causing vulnerability or letting an attacker in.
- Avoid using multiple antivirus programs on one computer as they can conflict with each other.
“The real fact is that no single solution can prevent all cyber-attacks. Sophisticated attacks on networks routinely bypass network security systems, no matter how rock-solid they are or claim to be,” CNN Tech reports.
BRING YOUR OWN DEVICE A GROWING CYBER SECURITY TROUBLE
Reduced invested, convenience and flexibility are the main reasons for bring your own device practice becoming popular.
Take note, if employees bring in their own devices they can also take them home, or traveling, allowing them to work from places other than the office. Allowing employees to bring their own devices to work can present its own problems.
Bring Your Own Device is the Biggest cyber security attack risk made by SME business owners themselves. Employees’ personal devices are unlikely to have the same level of security as corporate devices, and may be significantly easier for hackers to compromise. Companies that allow Bring Your Own Device should ensure they have a strict Bring Your Own Device policy in place while ensuring employees understand good cyber security practices, and the potential consequences for the company if they are not followed.OPAQUE ALGORITHMS COMPROMISE INTEGRITY
The Threat Horizon 2018 report by Information Security Forum Ltd identified organizations will increasingly use algorithms to maximize efficiency, however, a lack of transparency in how these algorithms interact will pose significant information security risks.
The report also made following recommendations:
- Identify exposure to algorithm-controlled systems and understand when human involvement is a liability.
- Identify alternative ways of treating risk from algorithm related incidents.
“FAST FACT : 83% View Cyber attacks as one of Top 3 threats to Business, but only 38% feel prepared for a sophisticated attack.”
PHISHING DOMINATE CURRENT CYBER ATTACK LANDSCAPE
Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect your business from phishing is to learn and educate employees on how to recognize a phish.
Phishing emails usually appear to come from a well-known organization and ask for your personal information such as credit card number, bank account number or password. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.
Microsoft says, the company scans up to 400 billion email messages for phishing and malware, processes 450 billion authentications, executes more than 18 billion web page scans, and scans more than 1.2 billion devices for threats each month.
Malaysian Communications and Multimedia Commission (MCMC) says Malaysia, most of the phishing attacks detected target internet banking users and tricks them to reveal their credentials. The commission has blocked 10,962 websites found to be involved in online cheating or phishing from 2008 to January 2017.
CYBER CRIME IS HERE TO STAY
The number of threats that cyber-attacks unleash continues to increase exponentially, and small businesses run a risk of losing data, sales, productivity, and even money. Since any organization can be a prime target, it is vital to take all the necessary steps to safeguard business information, technologies, and processes. As only effective filtering tools, education of users to the threats and continued vigilance can prevent these attacks.