The increasing use of unsecured wifi networks, online banking and cloud computing is leaving companies open to attack from cyber criminals, according to the head of the Scottish Business Resilience Centre (SBRC).
Mandy Haeburn-Little, the organisation’s director, warned that criminals “lurk behind online walls” and often pose as legitimate business contacts on the internet to obtain data which gives them access to money, intellectual property and customers’ details.
“Cyber crime is on our doorstep, costing Scottish businesses £5 billion each year,” she said. “This is a significant sum of money which goes straight into the pockets of criminality. The increasing number of virtual criminals that lurk behind online walls awaiting their victims to log on and fall prey to their malicious tactics grows daily.”
She added: “The internet has transformed everything we do and our economy is increasingly digital. It is vital to harness these opportunities but we must confront the growing digital dangers that could put us at risk.”
Small and medium-sized businesses are most at risk from cyber criminals, she said, as they do not have the resources to put in state-of-the-art IT systems to protect themselves.
She added: “Businesses must think of cyber crime as they would any other issue on their corporate risk registers. It is just one more aspect of how to protect their intellectual property, their competitive advantages, their customers’ data and their own reputations. Businesses should never see IT as a bolt-on. It should be seen as core to their business growth.”
Earlier this year, IT security provider Symantec issued a report stating that cyber crime costs the country significantly more than the illicit market in cannabis, cocaine and heroin combined.
The SBRC has urged companies to ensure that anti-virus software is regularly updated, firewalls are “patched”, and passwords are strengthened and frequently changed.
“Cyber attacks are becoming more sophisticated and orchestrated, usually going unnoticed until it is too late,” added Ms Haeburn-Little. “For example, a hacker may create a guise of a helpful business contact. After exchanging simple information such as an e-mail address, billing address or company details, the victim has given the hacker enough information to access seemingly secure files.”
Another criminal threat to businesses comes from card fraud, while the trend for many organisations – particularly smaller ones – to encourage their staff to bring their own devices such as mobile phones, laptops or tablets to work, can also leave a company open to security risks.
Colin Borland, head of external affairs for the Federation of Small Business Scotland, said: “Four in every ten of our members have been a victim of cyber crime in the last 12 months – putting the average cost at around £4,000 per business.”
He added: “The most common threat to businesses is virus infections, to which 20 per cent have fallen victim.”