cyber attacks

Cyber attacks are now a primary concern for businesses of every size and structure. What’s more, following the National Cyber Security Centre’s most recent threat report, it seems organisations across the board have every cause for concern. Not only has personal fitness tracker Polar revealed the personal information of millions of users, but photography and social media app Timehop has also suffered a significant data breach.

These companies have since identified the holes in their defences, but evidence suggests they could have done more to prevent the attacks in the first place. Here, we discuss why large companies are the most vulnerable to cyber attacks, and what businesses of all sizes can learn from recent cyber security statistics.

Are large businesses most at risk of cyber attacks?

Many people assume that large companies with adequate security budgets are the best protected against cyber crime. On the contrary, Coalfire’s first annual Penetration Risk Report indicates that large businesses are the least prepared of all companies against cyber crime, leaving them more vulnerable than smaller enterprises and startups.

According to tests conducted on large organisations, 49% of vulnerabilities found were deemed to be high risk, versus 38% for small businesses and 34% for medium businesses. The report also showed that while large businesses had the best defences against phishing and social engineering attacks, mid-sized companies were better at protecting their assets and mitigating their overall cyber security risk.

Small businesses are at risk, too

Although most media reports focus on large-scale cyber-attacks like the infamous Target and Netflix breaches, Coalfire’s report shows that small and medium-sized businesses are also at risk. According to industry experts, around 60% of startups fail within the first six months as a result of a cyber-attack. Furthermore, industries like higher education, healthcare, government agencies, and those in the energy industry are targeted more than others.

The greatest cyber threat to all businesses

According to Andy Barratt, Managing Director of Coalfire, the greatest vulnerability in our defences against cyber terrorism is us:

Despite bigger companies outperforming their smaller rivals in this area, it’s clear that human error poses the greatest risk to businesses of all sizes. Whether you’re an FTSE 100 company or an SMB, the chances are that staff are your cyber security Achilles’ heel.

Coalfire goes on to explain that unsecured protocols, password flaws, missing system patches, out-of-date software, and cross-site scripting are the five most common vulnerabilities in both external and internal networks.

Minimise your risk of cyber attacks

No two businesses are the same, which is why there is different security advice for companies of different backgrounds and structures. Coalfire advises that small businesses should focus on integrating security checkpoints in their processes, while mid-sized companies should focus their investments on mitigating human error, especially in development programming. Employees should also be engaged in social engineering tests.

Large companies are the most at risk of cyber attacks, so they should prioritise asset management and focus on raising the level of visibility across the board. However, implementing proper security protocols is a complex task. Therefore, it is recommended that you have a professional cyber security risk assessment performed on your business. You also need to ensure you follow preventative steps and have a disaster recovery plan in place.

Address the issue of cyber crime today

Cyber attackers will continue to implement new techniques to exploit vulnerabilities resulting from human error, especially if those errors include failing to update software or not implementing two-party authentication. If you have concerns about your business security or the protection of your data, contact City Business Solutions today to find out how we can bolster your resilience and protect your business against cyber crime.