Small firms suffering the brunt of cyber crime

More and more small businesses are falling victim to cyber-criminals and one of the fastest growing threats is ransomware, which has risen by 3,500 per cent, according to security experts.

The malicious software scrambles the data on the target computer until a sum of money is paid to restore it. Experts have found 124 separate families of ransomware. These attacks cost businesses thousands of pounds, and the ransomware is often distributed through phishing emails.

In a new report, the Federation of Small Businesses (FSB) said that small firms are suffering more from cyber-crime than larger firms and revealed that 66 per cent had been attacked by cyber-criminals in the past year.

The FSB’s Cyber Resilience: How To Protect Small Firms In The Digital Economy report found that small businesses are collectively attacked seven million times per year. This is costing the UK economy an estimated £5.26 billion. Over that period, firms affected have been hit on average four times, costing around £3,000 per business.

This is despite the fact that the majority of small firms (93 per cent) say they take steps to protect their businesses from digital threats.

Common cyber threats affecting these businesses included phishing emails (49 per cent), spear phishing emails (37 per cent) and malware attacks (29 per cent).

The FSB is calling on the Government to give more support to small firms. It said there needs to be “significant simplification” and consolidation of cyber security information and that the proposed National Cyber Security Centre should become a hub for this.

Mike Cherry, FSB National chairman, said: “We’re calling on Government, larger businesses, individuals and providers to take part in a joint effort to tackle cyber-crime and improve business resilience.”

“Small firms are understandably focused on building their businesses and creating the jobs that drive economic growth. The vulnerabilities of the digital world affect everyone and the responsibility for improving resilience should not be left to the group with least resource to do something about it.”

Kaspersky Lab on how to combat ransomware

With more and more retailers being targeted by cyber-criminals, David Emm, principal researcher at security company Kaspersky Lab, talks exclusively to ERT about what steps they can take to combat this growing threat.

David Emm, Kaspersky Lab principal security researcher

Q: What can be done to prevent/limit this happening?
To avoid succumbing to a ransomware attack, companies should follow strict security policies, which include internet security protection, applying security updates as soon as they become available, user restrictions to prevent them running unknown applications and, perhaps most importantly, employee education.

Additionally, it’s vital that businesses back up their data regularly, so that if they do fall victim to ransomware, they don’t lose data. Back-ups should be made to offline storage, since the data on any storage device connected to the computer at the time of infection will also be encrypted. Having a back-up is vital to mitigate the effects of a ransomware attack, together with other measures designed to block malware and prevent attacks.

Ransomware is often distributed through fake email messages mimicking email notifications from a trusted source, like a colleague or other businesses that staff are used to working with. This lures a user to click on a malicious link and distribute malware. This method is called phishing. With that in mind, staff should fine-tune anti-spam settings and never open attachments sent by an unknown sender. A quick 30-second phone call is much better than putting corporate data at risk.

Q: What steps can retailers take if they find themselves in this situation?
Firstly, if retailers are infected with ransomware, paying the ransom is unwise, primarily because it does not guarantee that the corrupted data will be decrypted. There are also a number of ways things can go wrong, even if the company decides to pay the ransom, including bugs in the malware itself that make encrypted data unrecoverable, actions by a system administrator that make data unrecoverable, IT infrastructure damage and/or downtime, legal consequences due to information loss, damaged relations with partners and customers, etc.

Unfortunately, in many cases, once the ransomware is launched, unless there is a back-up or preventive technology in place, there is very little that a user can do. However, sometimes it’s possible to help users to decrypt their data that has been locked by the ransomware without having to pay the ransom. In 2014, Kaspersky Lab partnered with the National High Tech Crime Unit of the Netherlands police to create a repository of decryption keys and a decryption application for victims of the CoinVault ransomware.

In addition, we caution victims about using unaccredited software that they’ve found on the internet that claims to fix encrypted data. In the best case, this software is a useless solution and the worst-case scenario is the software distributes additional malware.