Simon Vellacott
Security Portfolio Manager, Global Security Innovation, Vodafone
The Vodafone Cyber Ready Barometer 2018 Report has shown that 79% of businesses, with less than 250 employees, see cyber as critical - yet only 1 in 4 have adequate cyber maturity. This is a point that is not lost on their adversaries who are increasingly targeting small businesses to disrupt and subvert wider supply chains for their own financial or political gain.
For a small business owner, the first step on the cyber security journey is to understand the types of cyber threats that their business is facing. This can often be bewildering given the plethora and evolving nature of attack techniques. The most prevalent types of cyber attacks that small businesses need to ready themselves for include attacks where adversaries encrypt data and demand a ransom, commonly known as ransomware. Although these types of attack have been around for a number of years, their impact on society became extremely evident with the well-publicised ‘WannaCry’ ransomware attack, which affected the UK’s National Health Service (NHS) in May 2017 and organisations in over 150 countries.
There is also nearly weekly coverage in the media of organisations that have experienced a data breach which has led to sensitive information ending up in the public domain or being exploited by adversaries. This is especially important as new regulations, such as the EU General Data Protection Regulation (GDPR), have recently come into force with businesses facing stringent financial penalties where personal data is compromised. Often data breaches are the result of successful Phishing or Watering Hole attacks. Phishing attacks involve employees being duped into clicking on a malicious link within an email or opening an infected attachment. Whilst Watering Hole attacks entail frequently visited websites being compromised and malware being inadvertently downloaded.
Getting the simple things right can be applied to many aspects of life and cyber security is no different. There are simple practical steps that small business owners can implement to put themselves on a surer cyber footing and to protect their largest asset – their business.
The UK’s National Cyber Security Centre provides independent advice to businesses through their Cyber Essentials scheme to enable businesses to enhance their approach to cyber security. Practical steps businesses should be considering to improve their cyber security include:
An increased awareness of cyber threats and getting the simple things right are the first steps in enhancing your business’ cyber readiness and resilience in the face of the evolving threat and regulatory landscape.
[1] Cyber Essentials, National Cyber Security Centre, https://www.cyberessentials.ncsc.gov.uk/
[2] Cyber Security: Small Business Guide, National Cyber Security Centre, 2017, https://www.ncsc.gov.uk/blog-post/cyber-security-small-business-guide
[3] ENISA Threat Landscape Report 2017: 15 Top Cyber-Threats and Trends, 15 Jan 2018, European Union Agency For Network and Information Security, https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2017
Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security insights, you can find us on LinkedIn.
Explore the possibilities a Gigabit Society can bring to your business. Receive a monthly digest straight to your inbox.
Around the globe, our network reaches over 184 countries.
We provide the underlying transport network, the virtual overlay, and the platform to prioritise everything.
We have been recognised by industry analysts as leading network providers.