Almost not a day goes by that some type of large-scale hack or data breach doesn’t make the headlines. However, while we tend to get swept up by the few sensational cases involving hundreds of millions (or even billions of pounds), the larger truth often gets ignored.

Cybercrime is a pervasive threat at every level of business that no one can ignore.

If you still consider cybercrime only to be a concern of big business, think again. The statistics although approximate tell a very different story:

  • 65,000 attempts to hack small- to medium-sized businesses (SMBs) occur in the UK every day, of which around 4,500 are successful
  • With nearly 2.1% of UK SMBs based in Kent, that’s roughly 1,365 attacks, of which approximately 85 is successful
  • 60% of SMBs go out of business within just six months after a cyber attack

Despite these shocking statistics, there’s still much to be done by UK businesses to address this threat:

  • Only 31% of UK companies have completed a cybersecurity assessment in the last 12 months.
  • The average data breach costs an SMB approximately £16,000. That means cyberattacks cost Kent businesses roughly £554,800,000 per year.
  • Roughly 1 Kent business is successfully hacked every 15 minutes.

If you don’t take steps to proactively shield your business from cybercrime today, it’s more a matter of WHEN than IF you’ll fall victim. While the evolving nature of cybersecurity threats means it’s impossible to be 100% secure, you can always work to mitigate the damage and make your business more resilient.

Furthermore, governments have tightened data breach regulations and guidelines. That means businesses can be held liable for data leaks or breaches if they have been found not to have taken adequate data protection measures.

What Cyberthreats are Facing Kent Businesses?

While cybersecurity threats are changing and evolving by the day, here are some of the most common threats facing SMBs today:

Domain spoofing: This is the act of trying to mimic a legitimate website, such as a bank, business, or government site. Attackers often try to use a similar domain name and design as the original website to fool visitors.

Phishing: Like domain spoofing, phishing is an attempt to trick recipients into thinking a message is from a legitimate source. The attack is typically carried out via email but can also take other forms such as “smishing” using SMS. Phishing is often used as an entryway to launch further attacks. For example, enticing the user to give up their login credentials, download malware, or redirect them to a spoofed domain.

Credential hacking: This is simply an attempt to try and guess the login credentials of employees, customers, or other users. Attackers can use social engineering tactics, Trojans, physical device access, or brute force attacks to try and obtain user credentials.

Ransomware: Ransomware is malware that encrypts files/data on a victim’s device. The victim is then extorted to pay a ransom to avoid their data being deleted or exposed.

How to secure your business against cybercrime

As you can see, the human factor is still by far the most commonly exploited factor when it comes to successful cybersecurity attacks against businesses.

This means that your employees, leaders, customers, and other stakeholders are your single largest risk factor as an SMB. Particularly for SMBs who cannot budget for enterprise-grade security systems utilizing AI and automation, a human-centred approach to cybersecurity might be the best way forward.

Here are concrete steps you can take today to secure your business:

Education and training: Depending on how technologically reliant your business processes are, it’s vital that your employees at least understand basic cybersecurity. That means knowing what threats to look out for, how to identify them, and what actions to take when they suspect a cybercrime is afoot.

Strong credential practices: Strictly enforce using strong username/password combinations for all accounts using your applications, websites, business email, etc. Also, use two-factor or multi-factor authentication where possible.

Stay updated: Even old software and devices are continually updated or patched for newly discovered security vulnerabilities. Always keep your software updated, particularly your website, and make this a part of your business tasks.

For UK-based SMBs, IASME (Information Assurance for Small to Medium‐sized Enterprises) is the official framework for evaluating and implementing cybersecurity measures funded by the UK government. SMBs looking to secure their business with a more formal approach may benefit from seeking this certification.