The Royal Mail’s recent cyber-attack didn’t just cause severe disruption to its overseas postal service, it also shone a light on the human cost of cyber-crime.
While a statement revealed that staff were “working round the clock to reinstate remaining export services,” small business owners reliant on posting items abroad spoke out about the devasting financial consequences. With the upheaval dragging on over several weeks as the group strived to resolve the issue, business owners voiced their fears over delayed deliveries and the possibility that they’d have to resort to alternative, pricier postal services.
Meanwhile, Russian-linked ransomware group LockBit finally claimed credit for the incident, with hackers reportedly demanding an eyewatering ransom of £67m.
Nearly 40% of UK businesses came under cyber-attack in 2022, and the risk is clearly just as real in 2023. Alongside the Royal Mail, we’ve already seen JD Sports and engineering firm Vesuvius targeted by hackers, no doubt alongside scores of SME’s, which won’t be hitting the headlines.
“This year will be no different,” warned John Dwyer, Head of Research at IBM Security X-Force. “Almost as fast as the cybersecurity industry releases new security tools, adversaries evolve their techniques to circumvent them.”
Ransomware remains one of the biggest threats to business, but it’s not just corporate giants that are exposed. Recent research reveals that one in four UK SME’s have been targeted by ransomware in the last 12 months. According to Avast, which carried out the survey, an alarming 47% of victims paid up, in a bid to regain control of their systems, while 41% lost data.
With less resources, shallower pockets and without the benefit of in-house experts, SME’s can make an easy target for cyber-criminals. And the impact can decimate a business, as it damages operations, reputation and – ultimately – turnover.
Luke Potter is Chief Operating Officer at CovertSwarm, a leading UK ethical hacker and cyber security provider. He warns that many smaller companies naively believe their business isn’t lucrative enough to make them vulnerable to attack.
He explains, “Many business leaders think ‘Why would cyber criminals attack us, we only sell socks or gadgets?’ But imagine if you were breached, your data was stolen and your business could no longer operate without paying a ransom to the attacker. How would you feel? How would you function? How would your brand suffer if the attack hits the news?”
Luke adds that the knock-on effect of a cyber-attack can also be catastrophic, not just finally but also in human terms.
“Say you are a supplier of hospital medical equipment, used in life-saving operations,” he explains. “If your company was targeted and couldn’t function, you couldn’t manufacture that critical equipment. The hospital’s supply chain would then be interrupted and people’s lives, as a consequence, would be at stake. There is always a much wider impact beyond just your business.
“The data tells us that this is a threat that everybody needs to take seriously. So many businesses take the stance that they won’t be targeted, but the reality is that they are already being targeted. Or they have already been breached and just don’t know it yet. Ask yourself, is your current approach to offensive security allowing you to sleep at night? Or are you worried that you will be breached tomorrow?”