Hacking hands
Amidst other concerns, small businesses' priority in cyber security has lessened. iStock

Recent results from the UK Government's Cyber Breaches Survey for 2023 have revealed that smaller businesses are choosing to not place priority on cyber security measures. This revelation comes amidst there being other economic concerns that take greater priority such as higher energy costs, higher inflation plus wider economic uncertainty.

The survey publicised that 83 per cent of small businesses believe cyber security is a high priority this year, which is a four per cent drop off from 2022. Also, 66 per cent of small businesses were found to not have any board members or trustees that take strong responsibility for handling cyber security in their jobs.

It also revealed that changes to the business environment and the greater prominence of hybrid working models have led to smaller businesses finding it tougher to identify when a cyber security attack or breach comes their way.

John Davis, Director UK & Ireland at SANS Institute EMEA, the largest provider of cyber security education in the world has provided comment on this latest turn of events in the cyber security landscape. He firstly touched on organisations being spread thin and dealing with other matters, stating: "Businesses are battling enormous pressures in today's climate, amid inflation and supply chain issues."

Davis added that as a result of this, "Hackers are looking to exploit this. Their attacks are more prevalent, more sophisticated and harder to detect."

Amidst the growing presence and increased dangers that hackers possess now, Davis believes, "Defending against a vast host of new attack techniques is more than tricky for businesses, especially those of small size without a security team – let alone even an IT team."

Davis feels every little detail can help out when dealing with cyber threats. He said: "The golden rule to remember is that prevention is always better than cure. Even the smallest of security steps can make a difference."

In looking at possible suggestions for businesses to remain on top of cyber security measures, Davis adds that "legacy IT often plays fast and loose with valuable data. Turning to the cloud could be a great alternative, as it has many valuable security aspects."

Lastly, the Director UK & Ireland at SANS Institute EMEA touched on the vital need for employees within organisations to be in the know regarding cyber threats. He said: "Power comes through knowledge about how cyber-attacks could happen. This is why cyber security training shouldn't just be a tick-in-the-box exercise, but an ongoing journey of education for us all."

Despite Davis' wish for businesses to focus on cyber security training, 41 per cent of organisations still do not provide the adequate training required for dealing with cyber dangers, as revealed by a survey from Specops Software.

Furthermore, Hornetsecurity revealed in new research that 33 per cent of companies are not giving cyber security awareness training to staff that work remotely. This is relevant as more employees work from home full-time or have a hybrid working system which means they are not in direct contact with expert IT staff.

In terms of the specific cyber threats that are currently out there to businesses, zero-day attacks are one of them. These sorts of attacks have become much more prominent, with 2021 being victim to 40 per cent of zero-day attacks in the past decade.

Zero-day attacks occur when a hacker is able to exploit a potentially pivotal component of software before it is able to be fixed or aware of. The damage that the attacks can have include negatively affecting revenue and the reputation of a brand.

Also, another cyber danger to businesses is through Internet of Things (IoT) devices such as gadgets, sensors, appliances and actuators. These devices are vulnerable to hackers more than ever before due to the natural increase in IoT devices, with 43 billion of them across the globe.

Outside of posing harm to businesses, cybercriminals are also using public USB ports, where people can charge their phones, to infect them with spyware or malware. This has caused the FBI to issue a stern warning to the public not to use public phone charging ports as there is the threat of sensitive data being accessed and copied from phones or tablets by hackers.