Skip to the content
Jack Smallpage, Information Security Officer at Chess, explains how businesses are vulnerable to cyber attacks regardless of size, plus things you can do to protect your business and improve your cyber security.

Big or Small, Cyber Crime Targets Us All!
Big or Small, Cyber Crime Targets Us All!

Cyber security can be a difficult topic to understand and visualise, especially when you don’t have the tools to help. Like bacteria, it’s difficult to detect with the naked eye and without these proper tools to help you detect it, you can find yourself lured into a false sense of security.

It’s easy to think that larger companies are the ones being primarily targeted, but this is largely in part due to the tools and measures they have in place that allow them to detect what smaller or less equipped businesses are likely unaware of.

In fact, a recent study showed that employees of a small business received 350% more social engineering attacks than employees of larger enterprise businesses in 2021. Cyber criminals aren’t stupid and the fact smaller businesses often lack the security protections and tools larger businesses have, makes them an attractive target – so lets go ahead and help prevent that being you!

Common Attacks & Tell-tale signs

Attackers leverage a variety of methods to try and compromise our networks. Being aware of these methods can help you understand where best to place your defences. The following are just some of the common methods used:

Phishing: With research highlighting that 91% of all cyber-attacks start with a phishing email, it’s no wonder that this method of attack is the most common. Phishing emails appear genuine but are actually fake. They usually try and trick you into revealing sensitive information or contain links/attachments which are infected or otherwise malicious.

Malware: Malware is one of the methods that we likely all know and attribute to cyber-attacks. Malware can come in a long variety of forms such as virus’, trojans, rootkits and ransomware just to name a few. Malware will usually require a user to take an action to install or deploy the malware at some stage and so it pairs nicely with phishing attempts!

Zero-day Exploit: Vulnerabilities are security flaws in a system which in many cases are exploitable by an attacker. The most dangerous of which are known as “Zero-day Vulnerabilities”. Zero Days refer to an exploitable vulnerability which has been announced or detected BEFORE a patch is released/implemented. In this small window of time, attackers can exploit the vulnerability where no solution exists. Detecting these and preventing these attacks therefore require constant monitoring,  threat management and use of mitigations to help protect your network till the patch arrives.

Passwords: As the default method for securing accounts and information, it is no wonder that attackers want them. Once they have your password, they have access to the information you hold. They can get these passwords through social engineering, brute-forcing/guessing, compromised databases, intercepting them through unencrypted transmission, guessing them or through phishing as mentioned above!

Denial-of-Service: By flooding systems, servers and networks with traffic to overload resources and bandwidth, a DoS attack can prevent users and systems from processing legitimate requests. A variation of this attack is also known as DDoS (Distributed Denial of Service) which launches the attack from several infected hosts with the usual goal of service denial and taking a system offline.

SQL Injection: This is where attackers insert malicious code into a server using query language. Usually submitting code in unprotected website or application comment/search boxes or forms to then surface protected information from the backend. SQL input sanitization is the easiest way you can help combat this method of attack.

Cross Site Scripting: Whereas SQL injection is injecting code with the aim of targeting the database/backend, an XSS attack injects malicious code into the website itself to trick it into sending data in a form that a user’s browser can execute.

Man in the Middle: Usually achieved by exploiting a vulnerability in a network (such as unsecured public WiFi etc), this method allows an attacker to place themselves in the middle of a transaction/communication by interrupting the traffic to steal and manipulate the data in transit.

Book a Free 30-minute consultation

How can you protect your business?

Visibility is a major factor when dealing with your businesses Security. You can’t fight what you can’t see and when you can’t see the problems, you’re lured into a false sense of safety which ultimately benefits the attacker.

Penetration tests and Vulnerability Assessments

A great way to kickstart your security plan is to obtain a “snapshot” of your security posture with a penetration test or vulnerability assessment. A vulnerability assessment scans your businesses computers, systems, and networks for any security vulnerabilities you could be exposed to and rates them in order of severity. They are typically conducted when a full penetration test may not be required, or as an ongoing monthly or quarterly scan in between any manual penetration testing to ensure no changes or vulnerabilities have been introduced to the environments since the last penetration test. These vulnerabilities once detected, can usually be solved by patching the relevant system or applying a recommended configuration change.

A Penetration test is similar to the above, however is consultant-led, provides greater depth, and includes the chaining of vulnerabilities. Rather than reporting on every single vulnerability on your network, it is designed to instead simulate an attack and identify vulnerabilities that can be exploited by a threat actor to achieve a variety of malicious goals.

These solutions are offered in tandem as an “Infrastructure Test” by our skilled penetration testers who can walk you through the process and help you understand each finding, so you can progress with your security plan with confident knowledge rather than nervous acceptance!

Security Monitoring

Once you’ve identified where and what your vulnerabilities are and had them patched or mitigated, you should now start looking at solutions which help monitor your network and security posture moving forward whilst also deploying automation on key areas to help make a small team respond like a large one.

Solutions like Microsoft Defender for Business help provide a single platform with security and device management capabilities with functionality like Email Protection, Vulnerability management, automated investigation, response and alerting as well as Security recommendations and attack surface reduction rules. Tools like this allow you to quickly create and modify policies which you can deploy across your network without having to dart between multiple systems.

What about Quick Wins?

The above protections are a fantastic way to lockdown your business and gain control over your security posture. With the help of automation and tools, you can reduce the strain on your teams, resource requirement and comfortably control your infrastructure’s security with clear oversight and alerting.

However, if you’re still really nervous about that initial leap, you can find more “quick win” ways to protect your business.

Quick Wins to be Cyber Secure            Read the NCSC Guidance

Please reach out if you want to talk about protecting your data from cyber attacks. Book your free 30-minute security consultation. Get advice from industry experts on how secure your business. Request here >

Recommended Content

Quick Wins to be Cyber Secure

Quick Wins to be Cyber Secure

Jack Smallpage, Information Security Officer at Chess, explains the five simplest things you can do to protect your business and improve your cyber security.

Finding Your Cyber Security Weaknesses

Finding Your Cyber Security Weaknesses

Adam Gleeson, Vendor Alliance Manager at Chess, offers insight into how cyber security vulnerability assessments can help businesses protect and improve their systems. 

Jack Smallpage

Jack Smallpage

Jack Smallpage is the Information Security Officer at Chess. He creates and maintains our security policy, takes lead in a variety of compliance certifications and security projects and acts as the company security liaison for security incidents, BCDR planning, GDPR compliance and risk management.

Speak to a Product Specialist

You can fill out the form and one of our product specialists will contact you shortly with more information.
To contact our Sales team directly, please call 0344 770 6000 and choose option 4.
Customer Service
For general queries or to report a non-urgent fault, please log a ticket on our customer portal using the email address associated with your account. Logging a ticket is quick and easy to do. Once you have logged your ticket, we will respond within 24 hours or your Service Level Agreement, whichever is quicker.
I agree for my information to be used for marketing communications.
Chess Privacy Notice

By submitting your personal information through this form, you consent to your information being processed in accordance with the Chess group privacy notice.