Business attacks on the up as hackers leave banks alone

Banks are out and businesses are in – that’s the message from cyber security experts around the world. A report by the Lloyds Banking Group at the close of May showed that its security team saw an 80% to 90% drop in cyber-attacks over the last year.

hackers hacking
“Data Thief – Hacker – Cyber Criminal” (CC BY-SA 2.0) by perspec_photo88

Despite banks traditionally being a target for hackers, the latest revelation from Lloyds’ digital boss Miguel-Ángel Rodríguez-Sola suggests that cyber criminals are moving in a different direction as we head further into 2016.

Part of the reason for Lloyds drop in attacks is a greater focus on security and protecting its system from both established and emerging attacks. Stating that the bank has implemented more “layers” of protection, Rodríguez-Sola has found that attacks, most notably DDoS attacks, are one-tenth of what they were in 2015 and he plans to continue this trend as we head further into 2016.

From banks to businesses

So, if hackers aren’t targeting banks in the same way they once were, which industries are they targeting? Published just before Lloyds security report was the news that businesses are failing to protect themselves against an increased number of cyber-attacks. As reported by the UK’s Department of Culture, Media and Sport, 66% of large businesses have come under attack in recent months.

Delving further into the stats, seven out of ten attacks involve viruses, spyware and malware, and companies are now being urged to arm themselves against further attacks in the future. However, it’s not just big businesses that are coming under increasing pressure from cybercriminals. According to Symantec, almost 50% of the world’s cyber-attacks in 2015 were carried out on small business.

Seen as soft targets by hackers, companies with fewer than 250 employees were subjected to malicious codes, spam, phishing attacks and bots. As it is with large businesses, smaller enterprises are being told to brace themselves and beef up their online security as hackers focus less on banks and more on vulnerable business targets.

Security is now cheaper and more effective

Fortunately, security is not only getting more advanced but it’s getting cheaper. A Web Application Firewall (WAFs) is an effective website security tool that forms part of a wider set of defence mechanisms such as bot protection, access control and login protection.

By using signature ID analysis to recognise malicious site visitors, monitoring IP addresses to see if they’re static or changing and picking out irregular page visits, WAFs can protect virtually every aspect of a company’s online identity. What’s more, because the software is cloud-based, it means companies can tailor their products to suit each client which, in turn, results in lower costs for everyone involved.

As well as being more cost effective, WAFs are also more secure than traditional Intrusion Prevention Systems (IPS) simply because they have the ability to detect threats in a more in-depth fashion. In general, an IPS will simply sit in-line and watch packets of data as they flow through it. While an IPS can be programmed to react to things it detects (rather than simply analysing data against what’s “normal” in its database), it still doesn’t understand web application protocol logic.

This inability to detect whether something is wrong at the application layer (otherwise known as OSI Layer 7) means that an IPS is vulnerable to more attacks and can throw up more false positives. In contrast, a WAF has the ability to analyse behaviour and requests so that it can prevent web-based attacks that an ISP can’t recognise. The end result is a more secure system and cheaper overall running costs when using a WAF.

Don’t make the same mistakes as banks

Essentially, what the latest reports show us is that businesses are now the primary target for cybercriminals. With banks bulking up their security and making it tougher for hackers to get in, those with bad intentions are naturally moving towards software targets. Unfortunately, for small business owners, they’re the softest targets at the moment.

While there are certainly ways for small businesses to protect themselves, such as WAF services, many are still ignoring the increasing threat from hackers. If you’re a business owner, the message is clear: don’t make the same mistake that banks did in the past. Although major institutions are now battening down the hatches and experiencing fewer attacks, it’s only come after years of threats and fear.

With hackers now turning their attentions towards small businesses, the aim of every company owner should be to learn from the bank’s mistakes, take the easy road and secure their systems using the most cost-effective options on the market today.