Issue 4


I had already worked in IT for twenty years, but when I started looking into ethical hacking it was a real eye-opener. Pen testing (Penetration testing, or pen testing, is a safe, controlled attempt to break into your systems the same way a real hacker would) was interesting, but I realised it should be the final test rather than the first step. So I took a step back and built a full security and compliance stack for SMEs. These were tools that used to be enterprise-only, but we found ways to make them affordable for small businesses. We still offer IT support, but security now sits at the heart of everything we do.

I’m a small business. Why would anyone target me?

Angus: A lot of small businesses ask why they would ever need cybersecurity or pen testing. What would you say to them?

Carl: The idea that criminals are choosing targets manually is outdated. Most cybercrime is automated. Attackers send millions of phishing emails and automated login attempts, and whoever responds or shows a weakness becomes the target. They do not know whether you are a sole trader or a multinational. They only care that something has worked. And it is incredibly easy for criminals to access the tools. On the dark web you can subscribe to ransomware tools for about the same price as an entertainment subscription. Combine that with huge databases of leaked email addresses and you can launch a large-scale attack in minutes.

Angus: That reminds me of when one of your phishing tests nearly caught me. I had just closed a bank account, and when a fake security alert dropped into my inbox I panicked for a moment. It shows how even people who think they are savvy can slip up when they are busy.

Carl: Exactly. Criminals rely on distraction. Friday afternoons are a classic time when people are rushing, and that one moment of not thinking can cause huge problems. We have even seen criminals monitoring inboxes for months waiting for the perfect moment to divert a payment.

Another thing small businesses forget is that they sit inside much bigger supply chains. A two-person business might be connected to a national retailer or a logistics provider. Criminals often break in through the smaller players to reach the larger ones. That is why more companies now insist on Cyber Essentials as a minimum requirement (Cyber Essentials is a UK government-backed certification that shows a business has the basic security measures in place to protect itself against common online threats).
