What are the most common types of cybercrime?


It’s easy to feel overwhelmed by the threat of cybercrime. Last year, cybercriminals stole more than £4 billion from businesses in the UK, which is 63% more than in 2021.

And unfortunately, small and medium-sized businesses are three times more likely to be targeted than larger companies. They’re generally less equipped to deal with attacks and absorb the associated costs, so 60% are forced to close within six months of an attack.

These numbers, the rising cost of living, and predictions that the UK economy will shrink make a perfect storm for businesses. And with an ever-growing threat, there’s an ever-shrinking contingency fund.

But don’t let this get the better of you. It’s important to understand the most common types of cybercrime and take action to mitigate the risk of an attack.

What are the most common types of cybercrime?

1. Hacking

Hackers break into your computers and networks to access data. They can gain this unauthorised access through brute force, repeatedly guessing your passwords, or through software like spyware.

Example

T-Mobile suffered an attack which affected 37 million customer accounts. The hacker stole personal data, like names, birth dates, and phone numbers, through an application programming interface (API) for a month before being detected and stopped. 


2. Phishing

Phishing is a type of social engineering attack often used to steal data, such as login details or credit card numbers. Criminals ask recipients to share sensitive information via email or by visiting fake websites that look legitimate but aren’t. A recent State of Phishing report revealed that there were 250 million phishing attacks in 2022. Fortunately, there are some simple ways to avoid an attack.

Example

Developers at Dropbox were recently targeted by a phishing campaign that successfully accessed some code stored in GitHub, an internet hosting service for software development and version control. The criminal impersonated another platform and sent emails encouraging developers to log in so they could steal their credentials. Most emails were quarantined by Dropbox security systems, but some made it through, and one employee entered their details. The threat actor stole data including API keys and a few thousand names and email addresses of Dropbox employees, customers, and leads.

3. Malicious software

Malicious software, or malware, is a type of computer program designed to steal data or damage computers and computer networks. This includes viruses, trojans and worms. Ransomware is also a type of malware, and this kind of attack is on the rise. In 2022, ransomware accounted for 25% of all data breaches. One way attackers can successfully steal data is through unpatched systems with known vulnerabilities.

Example

The Guardian newspaper suffered a ransomware attack in December 2022. It was likely triggered by a phishing email that meant the attacker could access the internal network. Its IT infrastructure was affected but publishing and printing continued with staff being sent to work from home. No customer data was stolen, but the attacker accessed staff data in the incident. 

4. Distributed denial of service (DDoS)

A DDoS attack is designed to stop legitimate users of a website or service from accessing it. An attacker will overload the website with traffic so that it cannot cope or accommodate any more visitors. A hacker will call on hacktivist groups to help them do this or infect innocent users’ devices with malware so the hacker can force those devices to contribute to the attack.

Example

A Google Cloud Armor customer recently faced the biggest DDoS attack on record. At its height, there were 46 million requests per second and the attack lasted for just over an hour. Fortunately, Google was able to block the attack.

What can you do to protect your business?

Budgets are certainly stretched at the moment, but the last thing you should skimp on is cybersecurity. Fortunately, there are some straightforward and reasonably priced ways to protect your business from the most common threats. For example, getting a Cyber Essentials or Cyber Essentials Plus accreditation reduces your cyber risk by 98.5%.

The certifications are designed by the UK government and give businesses a standardised level of protection. There are five security controls to help you address cybersecurity effectively. These are:

  • Firewalls
  • Secure configuration
  • User access control
  • Malware protection
  • Security update management

Its easy-to-follow steps make it simple to secure your business against the most harmful threats. And it costs a fraction of what it would to deal with an attack. You’ll get a great return on investment (ROI) and peace of mind, so it’s a reliable way to protect your business for the future.


What is a DDoS attack?

The cybersecurity industry has long had a reputation for impenetrable jargon, be it tools, threats or solutions. So, in this blog, we’re demystifying another confusing term. What are ‘DDoS attacks’? Why should you be worried about them? And, most importantly of all, what can you do to stop them?

How does a DDoS attack work?

DDoS stands for Distributed Denial of Service. And it’s a very simple but potentially very disruptive premise. Cybercriminals pick a target, then flood its network with so much malicious traffic that it can’t operate as it usually would. The result is that legitimate traffic (such as shoppers or readers) grinds to a halt. 

You’ve probably seen this technique used before without necessarily putting a name to it. Google was hit with the largest attack on record in 2017. Meanwhile, Amazon Web Services fell foul of a gigantic attack in February 2020.

How common is this kind of attack? 

DDoS attacks are more common than you might think and they’re on the rise. 2020 saw a 151% increase in the frequency of attacks in comparison to 2019. And, to make matters worse, cybercriminals are increasingly targeting small businesses with this kind of attack. 

How much damage can a DDoS attack do? 

A DDoS attack is highly disruptive for any business. But for big corporates, it’s usually something they can swallow. After all, for a multi-billion-dollar business, a few days’ lost revenue and some disgruntled customers don’t have to spell disaster.

However, for a small business, a DDoS attack can have serious consequences. A successful DDoS attack can take down entire websites and systems. This could mean lost revenue, breached data, reputational damage, dissatisfied customers, and a massive cleanup effort to get systems back up and running. In other words, a potentially critical situation for a small business with limited resources. 

What can you do to protect your business? 

We’ve painted a pretty scary picture so far. But that doesn’t mean small businesses are defenceless in the face of DDoS attacks. There’s plenty you can do to help your business avoid the worst-case scenario. 

Use a Web Application Firewall (WAF)

A WAF blocks suspicious traffic and prevents DDoS traffic from reaching your business’s servers. And the best thing about a WAF is that it’s easy to customise for your business. For example, if you mostly do business in the UK, you could configure it to block all non-UK traffic. Or you could take it a step further and blacklist traffic from markets renowned for attacks.

Of course, like all software, you need to ensure you’re patching regularly for it to be most effective. 

Learn to spot the signs

We’re always talking about the importance of security training for your staff, and our advice is no different when it comes to preventing DDoS attacks. One of the key reasons that DDoS strikes are so hard to stop is that so few people know how to recognise them – until it’s too late and business systems fail.

To give an example of what we mean, did you know a sudden surge in traffic – even for just a few minutes – could signal the start of an attack?

Even basic cybersecurity knowledge among staff about what the threats are, how to spot them, and what to do in the event of an attack, can help your business get a head start on cybercriminals.
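To make the "sudden surge in traffic" sign concrete, here is an added example (not part of the original article) that counts requests per minute in a web server access log and flags minutes far above the recent norm. The Common Log Format input, the five-minute window, the 4x factor and the sample log are all assumptions made for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta
from statistics import median

def requests_per_minute(log_lines):
    """Bucket Common Log Format lines by minute, skipping unparseable lines."""
    counts = Counter()
    for line in log_lines:
        start, end = line.find("["), line.find("]")
        try:
            ts = datetime.strptime(line[start + 1:end], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        counts[ts.replace(second=0)] += 1
    return counts

def find_surges(counts, window=5, factor=4.0, min_requests=20):
    """Return (minute, count, baseline) for minutes far above the recent median."""
    if not counts:
        return []
    first, last = min(counts), max(counts)
    total = int((last - first).total_seconds() // 60) + 1
    history = deque(maxlen=window)      # recent non-surge minutes only
    surges = []
    for k in range(total):
        minute = first + timedelta(minutes=k)
        n = counts.get(minute, 0)       # quiet minutes count as zero
        baseline = median(history) if len(history) == window else None
        if baseline is not None and n >= min_requests and n > factor * max(baseline, 1):
            surges.append((minute, n, baseline))  # keep surge out of the baseline
        else:
            history.append(n)
    return surges

def sample_log():
    """Constructed log: about 10 requests a minute for six minutes, then a surge."""
    lines = []
    for m, n in enumerate([9, 11, 10, 12, 10, 11, 120, 150]):
        for i in range(n):
            lines.append(f'203.0.113.{i % 250} - - [10/Mar/2023:14:{m:02d}:{i % 60:02d} '
                         f'+0000] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for minute, n, baseline in find_surges(requests_per_minute(sample_log())):
        print(f"{minute:%H:%M}  {n} requests (recent median {baseline})")
```

A flagged minute is a prompt to investigate rather than proof of an attack, since a marketing campaign or a news mention can produce the same spike.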


Be mindful of your supply chain

A huge proportion of cybersecurity attacks now begin in the supply chain. And, unfortunately, this includes DDoS attacks. Most SMEs are part of a supply chain and lack the security resources of larger partners, making them an enticing way for cybercriminals to attack more glittering prizes. 

These ‘attacks through the back door’ are becoming increasingly common. US retail giant Target was fined $18.5 million after a breach at its air conditioning partner led to the leak of millions of credit card details. 

So talk to your suppliers and partners about their cybersecurity practices and share experiences and advice. For those below you in the chain, this may mean asking for proof that their cybersecurity is in order. And for the bigger companies you service, this could mean agreeing to shared security practices and transparency in the event of a breach. 

Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.
