How worried should your business be about cybercriminals?

Research and education are key to defending your SMB from attacks

Business in the UK is booming right now. Last year alone, 608,100 new firms were launched, an increase of 4.6% compared to the 581,173 that were formed in 2014. These statistics, compiled by Companies House, show that attitudes towards business and entrepreneurialism are changing.

Better access to funding and support is encouraging people to take the step into the unknown by turning their ambitious ideas into trading businesses. But while it may be a lucrative time to become an entrepreneur, that's not to say there aren't a host of concerns and challenges as well.

Cybercrime, in particular, is a growing problem faced by businesses. And hackers are causing mayhem. According to government research, 74% of small businesses reported a security compromise last year – a staggering 60% growth from 2013 and 2014. The survey claims that this could be costing businesses from £75,000 to £311,000 (around $95,000 to $400,000, or AU$125,000 to AU$520,000). In comparison, businesses could expect to lose between £65,000 and £155,000 (around $85,000 to $200,000, or AU$110,000 to AU$260,000) the year before.

Clearly, then, if you're a business owner or are thinking of setting up your own firm – now or in the future – it's crucial to understand the cyber-security threats posed to SMEs and how to combat them. It's far from an easy matter to do so, but techradar pro recently caught up with the experts to offer much needed insight into this topic.

cyber security isn t always a top priority for smaller companies

Cyber-security isn't always a top priority for smaller companies

SMEs could be neglecting security

As the latest research suggests, hackers are increasingly targeting businesses, particularly smaller and medium-sized enterprises. They see opportunity in the fact that cyber-security isn't always a top priority for smaller firms. Money is usually tight and goes towards areas such as product development and customer acquisition.

Kevin Timms, co-founder of IT services company Streamwire Group, explains that hackers have been more commonly associated with corporations and governments in the past. But they now see a lucrative opportunity in targeting vulnerable SMEs, where cyber-security has been focused mainly on preventing viruses.

"Cyber-security is a bigger issue for SMEs today than ever before, as attackers who previously targeted large corporations and government bodies now turn their attention to startups and SMEs," he says. "Small businesses are at greater risk, for the simple fact that they aren't accustomed to being on the receiving end of such attacks, and may not have the necessary protection or contingency plans in place."

Timms says attackers are focusing on compromising systems to get hold of valuable data – such as customer details and transactions – for financial gain. Firms ought to act now, he urges. "As the primary purpose of these attacks has now shifted towards stealing information for financial gain, the attacks have become more cunning and thus trickier to protect against. All SMEs – and particularly those who hold customer information – need to be aware of this increased risk and act accordingly," he said.

"SMEs should consider having an IT security audit carried out, to help them to first understand how well protected their company is, before developing robust prevention protocols and contingency plans with their chosen partner."

Growing skills gap causing mayhem

Dealing with new cyber-security threats needs a particular skillset. However, for small businesses, hiring dedicated staff to deal with these problems is simply something they can't afford. But Martin Borrett, CTO of IBM Security Europe, believes there's still hope. And it comes mainly from the cloud.

"We continue to see a growing skills challenge and gap in the security industry. This challenges organisations of all sizes, but especially SMEs, to hire the skilled staff they need to respond to the ever growing cyber-security threat. The benefit of having dedicated security professionals on staff is simply not one many smaller organisations can afford," Borrett observes.

"However, there is hope ahead on two fronts. First, growing cloud adoption – for many smaller organisations the level of security available and provided by larger cloud providers is already greater than they can achieve in house for their IT Services."

Borrett also sees potential in companies going down the outsourced software route, and at the same time, they can develop their skills in the area to ensure they're never threatened by cybercriminals. He says: "SMEs should consider MSS (Managed Security Services). By outsourcing security to trusted providers with their deep expertise and efficient processes, smaller companies can effectively gain the necessary security skills for their organisation without the higher cost of having someone on staff."