It’s easy to feel overwhelmed by the threat of cybercrime. Last year, cybercriminals stole more than £4 billion from businesses in the UK, which is 63% more than in 2021.
And unfortunately, small and medium-sized businesses are three times more likely to be targeted than larger companies. They’re generally less equipped to deal with attacks and absorb the associated costs, so 60% are forced to close within six months of an attack.
These numbers, the rising cost of living, and predictions that the UK economy will shrink is a perfect storm for businesses. And with an ever-growing threat, there's an ever-shrinking contingency fund.
But don’t let this get the better of you. It’s important to understand the most common types of cybercrime and take action to mitigate the risk of an attack.
What are the most common types of cybercrime?
1. Hacking
Hackers break into your computers and networks to access data. This unauthorised access can be via brute force to guess your passwords or software like spyware.
Example
T-Mobile suffered an attack which affected 37 million customer accounts. The hacker stole personal data, like names, birth dates, and phone numbers, through an application programming interface (API) for a month before being detected and stopped.
Confused about Cyber Insurance? Check out our new guide for everything you need to know.
2. Phishing
Phishing is a type of social engineering attack often used to steal data, such as login details or credit card numbers. Criminals ask recipients to share sensitive information via email or by visiting fake websites that look legitimate but aren’t. A recent State of Phishing report revealed that there were 250 million phishing attacks in 2022. Fortunately, there are some simple ways to avoid an attack.
Example
Developers at DropBox were recently targeted by a phishing campaign that successfully accessed some code stored in GitHub, an internal hosting service for software development and version control. The criminal impersonated another platform and sent emails encouraging developers to log in so they could steal their credentials. Most emails were quarantined by DropBox security systems, but some made it through, and one employee entered their details. The threat actor stole data including API keys and a few thousand names and email addresses of DropBox employees, customers, and leads.
3. Malicious software
Malicious software, or malware, is a type of computer program designed to steal data or damage computers and computer networks. This includes viruses, trojans and worms. Ransomware is also a type of malware, and this kind of attack is on the rise. In 2022, ransomware accounted for 25% of all data breaches. One way attackers can successfully steal data is through unpatched systems with known vulnerabilities.
Example
The Guardian newspaper suffered a ransomware attack in December 2022. It was likely triggered by a phishing email that meant the attacker could access the internal network. Its IT infrastructure was affected but publishing and printing continued with staff being sent to work from home. No customer data was stolen, but the attacker accessed staff data in the incident.
4. Distributed denial of service (DDoS)
A DDoS attack is designed to stop legitimate users of a website or service from accessing them. An attacker will overload the website with traffic so that it cannot cope or accommodate any more visitors. A hacker will call on hacktivist groups to help them do this or infect innocent users with malware so the hacker can force devices to contribute to the attack.
Example
A Google Cloud Armor customer recently faced the biggest DDoS attack on record. At its height, there were 46 million requests per second and the attack lasted for just over an hour. Fortunately, Google was able to block the attack.
What can you do to protect your business?
Budgets are certainly stretched at the moment, but the last thing you should skimp on is cybersecurity. Fortunately, there are some straightforward and reasonably priced ways to protect your business from the most common threats. For example, getting a Cyber Essentials or Cyber Essentials Plus accreditation reduces your cyber risk by 98.5%.
The certifications are designed by the UK government and give businesses a standardised level of protection. There are five security controls to help you address cybersecurity effectively. These are:
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Security update management
Its easy-to-follow steps make it simple to secure your business against the most harmful threats. And it costs a fraction of what it would to deal with an attack. You’ll get a great return on investment (ROI) and peace of mind, so it’s a reliable way to protect your business for the future.