To defeat any enemy, you have to know how they think. Read on to understand what hackers look for – and how they spot vulnerabilities – so that you can protect your business from black-hat tricks.
There is something soothing about a world underwater.
Fish tanks are relaxing to look at. Research shows that watching these aquatic animals reduces our stress and lowers blood pressure. One study even found that an aquarium effectively chills out patients waiting at a dentist’s office.
Impressive stuff.
But for one business at least, the lobby fish tank became a source of considerable stress.
According to The Washington Post, a North American casino was hacked through its aquarium in 2017. The artificial habitat was equipped with sensors that modulated its temperature, food, and conditions. This digital device connected to a local PC, and so cyberattackers used it as a port of entry to the larger network.
And boom. They were in.
The rise of homeworking during the pandemic exposed us without us noticing. Away from the office, we connect our work laptop to our home internet without thinking. We connect our work mobile to our virtual assistants and other IoT devices.
In fact, 80% of IT organisations found IoT devices on their networks that they did not install, secure, or manage.
Cybercriminals jumped on the opportunity to target unsuspecting users and unsecured devices. IoT devices, according to one study from Berkley, are attacked thousands of times every single month. Most IoT devices are inherently insecure, as they lack the bandwidth for serious encryption.
Cybercriminals use them to leapfrog into the real target. Without the right protection, something as banal as a fish tank thermometer could sink your business.
Even before the pandemic, one study from Hiscox found that a small business in the UK is successfully hacked every 19 seconds. Since COVID-19, the problem has only gotten worse.
In the wake of the COVID-19 pandemic, cyber criminals have only gotten bolder.
In the first half of 2020, 4.83 million DDoS attacks were recorded. So-called ‘zero-day’ attacks, a name that refers to the amount of time the vulnerability was known before the attack (0), doubled in 2021. Moreover, a lot of compromised data is floating around online, unbeknownst to its owners, and available to anyone with a computer and an appetite for clandestine information.
So: what can small businesses do to protect themselves from this new breed of post-pandemic hacker?
Understanding the mindset of a cybercriminal is a good place to start.
Brett Johnson was on America’s Most Wanted List for 39 cybercrime felonies. He built the world’s first cybercrime community called Shadow Group, a precursor to today’s darknet.
“The United States Secret Service called me the Original Internet Godfather,” he says, from his studio in California, backdropped by a giant vinyl logo bearing his name.
Brett was ‘on the ground [floor]’ of modern financial cybercrime as we know it. He's a progenitor of the online fraud schemes we encounter every day (thanks, Brett).
Now a white-hat expert with a YouTube channel, he helps companies tackle cybercrime. There are few in the industry with the same 'hands-on' experience as Brett.
Pictured: Brett Johnson, formerly on America's Most Wanted List, is now a white-hat expert.
Many SMEs treat cybersecurity as an afterthought. That’s a mistake, according to Gill and Isla Wilson, the wiz web developers behind Buttered Host, both of whom also serve as consulting security experts for Vodafone and as business.connected advisors.
“If you own a building, you invest in contents insurance, but what are you doing to protect your digital assets? You'll buy a lock for your door, right? So why wouldn’t you have a lock on your website?”
From side hustles to homeworking, the pandemic heralded a shift in the way we work. Gill and Isla say that has intensified the threats facing small businesses. They mention that setting up a business online has never been easier, but with so many low-cost services out there, cybersecurity is often kicked into the long grass.
No matter the size or nature of your company, it’s important to understand the value of the data you hold. E-commerce start-ups are in the same boat as your local gardening company.
“You might think: I don't sell anything online, so people aren’t going to steal from me. But there’s so much you can harvest. Even if it’s your password, if someone gets that, they can change privileges on your website and manipulate your visitors.”
Brett agrees, adding that he doesn’t think the common cybercriminal is very skilled. They’re social engineers. That means they're part of a wider network of hackers who exchange information online. These criminals use known exploits to access a website, bypassing generic security measures.
“Does the website have a known bypass? Read their Terms of Service, look at what type of security they use. If anything looks new, I’d ask my network: ‘Hey, have you guys encountered this? How did you get past the security?’ Usually, the answer is there.”
Brett thinks the free sharing of information is the hacker's most powerful tool.
“You see it with every single crime that takes place.”
THE TAKEAWAY: Hackers don’t need to be sophisticated to access your business data. Think about upgrading your website’s security features. Practice good cybersecurity hygiene, such as checking data breaches, and changing your password at least every 90 days (and ideally more often[1]).