Businesses are more reliant on technology than ever before and while it offers a host of obvious benefits, it also poses some worrying security challenges.
According to the UK government, businesses experienced approximately 7.78 million cybercrimes in 2023, which affected organisations of all sizes across every sector.
In this article we take a closer look at how cyberattacks happen, how they affect businesses and what preventative measures you can take to protect your data.
What are the most common types of cyberattacks?
Whilst there are many types of cyberattacks that pose a threat to businesses, the most common tend to be:
- Phishing: A type of cyberattack that uses phone, email, social media and smartphones to convince an individual into sharing sensitive information such as account numbers or passwords – or to download a malicious file that installs a virus on their computer.
- Malware: From trojans and adware to ransomware and rootkits, there are lots of different types of malware. It is malicious software designed to harm a network, server or individual computer.
- Distributed Denial of Service (DDoS): This is another malicious attack that overloads a network with false requests to disrupt business operations. Users can then struggle to access websites, email and other resources connected to that network.
Bad actors can also design attacks that involve supply chain attacks, DNS tunnelling and IoT-based attacks.
How do cyberattacks affect UK businesses?
Some facts about the ways cyberattacks affect businesses of all sizes:
- According to a 2023 study conducted by internet service provider Beaming, cybercrime cost the UK economy £20.5 billion last year.
- There was a 42% increase in breaches for small businesses, with cybercrime costs rising by almost 400%.
- 27% of UK firms fell victim to cybercrime last year, paying an average of £5,500 to recover data, replace IT assets and cover financial penalties.
- Small-to-medium enterprises saw the biggest rise, with 11 to 50 employees (42%) being affected the most. Attacks on larger companies (250+) and the smallest (one person) decreased.
- Phishing was the most common type of cybercrime, which claimed almost 680,000 victims.
- In a separate survey conducted by payment software firm Sage, almost half of the SMEs experienced a cyber security incident in 2023, with a quarter reporting multiple attacks
Case Study 1: NHS Ransomware Attack
In June 2024, Synnovis – a partnership between London hospital trusts and Synlab – was attacked by hackers using ransomware. Over 400GB of confidential information was stolen, with the hackers attempting to blackmail Synnovis for $50 million. The cyberattack resulted in more than 3,000 GP and hospital appointments and operations facing cancellation or delay. At the time of posting this blog, the investigation is still ongoing, although it is expected to lead to vast cybersecurity improvements across the board in the NHS.
Case Study 2: AT&T Data Breach
AT&T said that the personal information of 73 million former and current customers was stolen by hackers in 2019. However, the data was only discovered on the dark web in March 2024, including social security numbers and account information. New passcodes were issued to existing customers, whilst former customers were given free access to identity-theft and credit-monitoring services through Experian's IdentityWorks for one year.
How can businesses prevent cyberattacks?
Here are five effective steps you can take to safeguard your business against the threat of cyberattacks:
1. Backup your data: Once you have identified the critical date you need to back up, use a method that will ensure it is kept separate from your computer or existing server. Cloud storage could be an option, as it separates your data from your location, whilst also making it instantly available without having to invest in storage hardware.
2. Provide staff training: Many cyberattacks rely on stealing passwords and data by tricking employees into sharing the information or through hidden malware. Staff training can help employees to identify potential issues and breaches, whilst offering guidelines on how to prevent an attack.
3. Update and patch systems: Ensuring your systems receive the latest relevant updates and patches can significantly strengthen cybersecurity measures. Not only can it address bugs and vulnerabilities, but it can also improve system performance and stability.
4. Strong access controls: By implementing a strong access control policy for your business, it minimises risks by ensuring only authorised systems and users can use certain resources. This reduces the threat of a security breach – which can happen both externally and internally.
Conclusion
Unfortunately, cyberattacks are a fact of life for every business, so firms of all sizes need to be aware of the threats they pose and what they can do to prevent them. Billions of pounds are lost each year due to cybercrime and it can not only compromise your company, but the lives of your customers. Use our guide above as a start point to review your current processes to see where changes can be made and positive actions taken.
