With high-profile hacks of huge organisations such as Sony, MySpace, and Yahoo making headline news it’s tempting to think that only massive companies are susceptible to attacks – after all, they’ve got more data and more money, right? A recent study by Kaspersky Lab showed that 82% of small businesses say they aren’t likely to be targeted by a cyber-attack because they think that they aren’t worth hacking.
In fact, the opposite is true. 2015 Government research by PwC found that in actuality 74% of small-medium businesses in the UK experienced a data breach of some kind. These breaches cost SMEs upwards of a combined £800m in data recovery, reparative measures and reputational damage – and that’s without accounting for the possible fines incurred from recklessness with data. The Data Protection Act requires businesses to take appropriate measures to prevent unlawful loss of data, and an inability to do so properly can result in a fine of up to £500,000.
Small businesses are actually more susceptible to attack because of the hacker’s (accurate)assumption that SMEs invest less in cyber security than larger firms.
Malware attached to legitimate looking emails can cause complete disruption and infection of a company’s network, and all it takes to download is for one employee to open a link or download a file.
Hackers can gain access to user accounts/passwords through careful manipulation of obtainable data. By tricking an employee into giving out their password, the hacker can get access to the user account, and then they have access to the system and networks.
A hacker can modify a search query, or implement code in the URL, comments section, or form, that sends a request from the website to the database server, and returns the records of the database to the hacker. This allows the hacker access to unauthorised and private data.
Sending simultaneous hordes of URL requests to the server causes server-side bottlenecking, which denies user access, and allows the hacker to compromise the server.