Devastating cyber attacks on big businesses like Jaguar Land Rover and M&S attract the big headlines.
But SMEs are particularly vulnerable, specifically those with significant amounts of cash going through their books. Take the recent case of KNP, the haulage group that included the 158-year-old transport company Knights of Old: it suffered a terminal ransomware attack after a Russian group accessed its systems, apparently as a result of a weak password.
As the owner of an SME that’s suffered a targeted and sophisticated raid, I want to warn you: Do not underestimate this risk. Sadly, the mindset should be: It’s a matter of when, not if, you’ll be targeted.
Vishing is what got us. Someone managed to convince us that he was from our bank’s fraud department. He stole money. Which hurt. It could have been much worse though. At least it didn’t directly affect our customers or suppliers.
So, what to do about it?
While investment in the growing list of technological cyber-related safeguards is crucial, this is still mainly a people problem. The vast majority of successful attacks are the result of human error.
Think of how seriously manufacturing plants treat health and safety. There are signs by the clocking-in machine and constant reinforcement everywhere throughout the workplace. Cyber security culture needs the same level of visibility and commitment.
And don’t think you can rely on your insurance company to roll over and pay up. As this issue grows and insurers face the reality of more and more claims and payouts, they are expanding exclusions and conditions.
If you are the victim of an attack, you’ll likely have to provide cast-iron proof that you’ve done everything possible to make your people alive to the risks, like having regular Cyber Security training and ensuring every single person in your organisation (so not just your Finance Team or Directors) is up to date. I urge you to go away and act on the small print in your insurance policy!