Remember this saying?
“You don’t need to outrun a bear – you only have to run faster than the person running next to you.”
It’s not really a joke – someone is going to get hurt – but it plays out in many different scenarios. Here’s one.
Types of cyber attacker
There are several different types of cyber attacker, but let’s focus on three to keep things simple. In general terms:
- Script kiddies. These are typically individuals with a low level of skill who pay for pre-crafted attack methods built by those with more skill. The barrier to entry is low, so there are many people ‘giving it a try’, and – crucially – attacking the easy targets.
- Organised crime. This is run as a business, employing well-paid and skilled staff, so it is moderately expensive to operate, with budgets, and targets to meet. They are likely to follow the money, and to take a bit of time to prepare a wide-ranging attack that could reach many businesses.
- Nation state attackers. These are run by governments employing staff with very high level of skill designing highly targeted attacks, usually with the aim of causing national disruption. This is expensive, and the average business is unlikely to be a victim of such an attack.
The attack cost is significant here. Phishing attacks cost little to implement. Buying (or hand-crafting) an as-yet-unknown attack (known as a zero-day attack) is expensive.
How does this affect your business?
Assuming that you are not running critical national infrastructure, a multi-national or a listed company, the answer may be surprising.
Although certain adversarial nations often get the blame for attacks (even when innocent), a nation state attack is unlikely to affect your business directly. However, if they attack something on which you depend, such as energy or water, you may experience some disruption. You do have a business continuity plan in place, of course?
A script kiddie or organized crime attack is more likely to have a direct impact on your business.
For example, perhaps a script kiddie attacked your website because they could detect it was running an old version of software that contained a security hole. This might mean you can’t take online orders until it’s been restored, damaging your income and reputation.
Or maybe an organized crime group gained access to various computer systems and collated information to be used to defraud companies or individuals. Perhaps they got access to your business systems, which meant they could encrypt your customer data, and demand a ransom for its return. These kind of attacks are likely to have a bigger and longer lasting impact on your business.
And the bear?
Given the number of businesses that – according to the recent UK Government report – lack cyber security skills, putting cyber security essentials in place for your business will have the same effect as putting on running shoes.
Essential cyber security measures will make it harder for either the opportunist attacker or the organized crime gang to make your business their victim. They are more likely to move on to a business that has not yet got its running shoes on.
Want help with the right cyber security measures for your business? Contact the Click and Protect team on 0113 733 6230.