By Michael Moore
British businesses' cyber-security provisions are so lax that more than half of them could be hacked in less than an hour, according to a leading data security specialist.
Despite several high-profile hacking attacks in recent months, Walter Rossi from IT service provider Daisy Group has warned that the majority of businesses are simply not prepared for cyber-security attacks and have little protection against them.
The most common techniques used by hackers include distributed denial-of-service (DDoS) attacks, which involve programs that paralyze a business' system by overloading it with traffic, or those that secretly obtain information, such as commercially sensitive information or bank details.
However, the rate of cyber extortion attacks are also growing, as DDoS hackers take down a company's online services or Website and then issue a ransom demand to release the files or site.
"Attacks on small and medium-sized businesses are remarkably common as their security tends to be less sophisticated, making them easy prey," said Rossi. "They are usually targeted by those aiming to steal their customers' bank details, blackmail them, or to use them as a 'back door' to get into larger organizations."
"There is no perfect solution and even companies with some of the most sophisticated systems in the world can fall victim to hackers, however, investing in a good, up-to-date security system, which is regularly updated and built to withstand viruses and DDoS, will ward off most attacks. It also doesn't need to be expensive.
"Ideally, businesses should have multi-layered security systems that not only block access, but detect and alert you when there has been a breach."
Rossi also advises implementing good 'housekeeping' processes that prompt staff to change their passwords at least once every three months, using a combination of letters and numbers.
Businesses particularly at risk should consider using two factor authentication (2FA), such as key cards or fingerprint readers, in addition to password protection.
"While investing in decent firewalls and changing passwords might seem like an unnecessary inconvenience, failure to do so can cause thousands of pounds of damage, and potentially lead to customers and suppliers being hacked, doing untold damage to a business' reputation," he added.
In the face of rising threats, the U.K. government has launched several initiatives to try and improve the cyber-security awareness of small businesses. This included "Cyber Essentials", a new certification scheme designed to help consumers establish whether an organization has implemented basic cyber-security measures, which was launched last June.