THE
SOLUTIONS
LAB
Phil Cracknell
Security
expert
Challenge:
CYBER SECURITY
Hacking: eight reasons why small businesses
should be taking it seriously
It's time to look at
the bigger picture
Cyber wars are taking place every day.
People are hacking governments to steal
information and secrets in the same way
we have spies and double agents. I have
recently been on a 10-month assignment
at a train company in the UK, who are
going ahead with plans to move all of
their signalling to the train cabins instead
of a central signalling centre. Bring a
cyber-criminal with a vicious motive
and the ability to hack these trains into
the equation, and you’ve got a very
dangerous situation.
It will take a catastrophic
event to lead to reform
My prediction for the future of hacking
is that there’ll be a massive event that’ll
lead to loss of life. Several terrorist plots
involving cyber-crime have already
undoubtedly been foiled, and it’s only
a matter of time before one takes hold.
There’s still a widespread disregard for
cyber-security because it’s not in people’s
faces yet. But an event like this would lead
to major reform.
There’s an ecosystem of
hackers we need to fear
There are many ‘smaller time’ hackers
that do it more for the kudos it gives them
in their network rather than aiming to
carry out organised crime. But they’re still
dangerous.
These opportunistic hackers are often
groomed by other, more serious hackers
who’ll tell them to attack a certain IP
address. And the smaller-time hackers
will do it because they believe they’re
doing a valuable job in taking down a bad
organisation or similar.
Small businesses aren’t
immune to cyber-threats
SMEs need to remember that even
though they’re small in size, if they’re
part of a larger supply chain, they’re still
vulnerable. Anyone that supplies to trains,
buses, planes, energy companies or any
other organisation considered critical to
the national infrastructure could provide
a way for hackers to get into where they
want to be. Four of the biggest hacks in
the world – Sony, AT&T, eBay and Target
– were able to happen because of a third
party supplier being compromised. And
if enough small businesses were attacked
it could threaten our country’s entire
financial infrastructure.
Seek external help to keep
your business secure
If you own a small business you probably
don’t need to employ a security expert
full time, but it’s wise to seek external
help to guide you and check that you’re
secure on a regular basis. It’s a good idea
to seek specialist help and contract a Chief
Information Security Officer (CISO).
Social engineering is often used
Imagine the scenario. A British Telecoms
(BT) engineer turns up in full uniform
at your business premises. They claim
that your main phone line is down due
to a problem in the area. You check the
line – it’s dead. Your customers can’t get
through to you and you’re losing money
by the minute. How likely are you to let
the engineers get on with their job and fix
things? Hackers have been known to create
crises for businesses, only to turn up and
‘save the day’ a few minutes later. What
they’re really doing is getting potentially
unlimited access to the business’s network.
Always be vigilant when giving
out your details
To avoid being socially engineered,
always be wary of who you’re giving
details to, whether it’s on the phone, in
person or online. If you receive an email
with a link in it asking you to change your
password for something like Facebook,
don’t follow it. Instead, manually type the
Facebook URL address into your browser
and see if the website asks you to change
your password that way.
Cyber insurance is going to
change the world
Hacking activity is spread far and wide, and
is being used for multiple different purposes
across the globe, some of them very sinister.
But it’s not all doom and gloom. This is why
I think cyber insurance is going to change
the world. I genuinely believe that if you’re a
small business owner, cyber security should
be up there at the top of your list of priorities.
It’s not an optional extra, just like business
insurance isn’t. And when you look at the
bigger picture, you can see why.
SME
47