The landscape of cyber threats is ever-evolving – reflecting the current dominance of digital advancements (AI, anyone?) in our work and personal lives. With reports of ransomware attacks and data breaches becoming more and more common, how concerned should you be about your business’s cyber security?

Motivations behind cyber crime

There are differing motivations behind cyber attacks, though among ‘black hat’ hackers – your stereotypical cyber criminals who work to break into personal networks and devices to steal sensitive data – financial gain is the most common. A Verizon study from 2023 involving multiple countries, including the UK, revealed that the majority of data breaches (97%) were money driven.

With online hacking groups focusing their efforts where they can cause the most damage , law firms are among those considered a valuable target due to the abundance of sensitive data and privileged information stored in their networks. Once such data is obtained, it can be held for ransom and/or sold on the dark web. Sensitive data can often be lucrative in the virtual underworld.

Other motives include reputation. For some cyber criminals, it’s all about the thrill of overcoming security measures and infiltrating systems. These individuals frequently target high-profile organisations, deeming a successful breach a personal triumph. However, the consequences of these breaches can be severe, compromising customer trust and damaging a business’ reputation.

An example of this is the 2014 cyber-attack on Sony Pictures Entertainment, a breach that exposed sensitive employee data, private email exchanges and unreleased films. As a result, Sony Pictures faced extensive reputational damage, as well as significant financial loss.

More recent examples include Royal Mail, who were targeted by ransomware group ‘Lockbit’ last January, and ‘magic circle’ law firm Allen and Overy later the same year. With the hacking group taking credit for the latter attack on their website, clearly keen to claim the high-profile breach, this suggests media coverage and notoriety among cyber criminals may be another motivational factor.

Does size matter?

Though the rewards of targeting sizeable organisations are greater if successful, smaller firms are also at risk.

Cyber threats don’t discriminate by company size. In fact, smaller businesses are often seen as softer targets by cybercriminals because they assume security might not be as robust.

One of the biggest challenges companies face now comes with the interconnectedness of modern supply chains. Cyber criminals can exploit weaknesses in these supply chains to compromise multiple entities simultaneously, meaning the security of every link in the chain becomes crucial, requiring strict vetting processes and a collaborative approach.

Reducing your risks of a cyber attack

To reduce risk, companies need to implement multiple layers of security. Cyber security is not a one-size-fits-all solution. In order to create a robust defence system, you need an in-depth defence strategy, including firewalls, antivirus software, intrusion detection systems and regular security audits. This multifaceted approach ensures that any vulnerabilities are addressed at various levels, rather than ‘divide and conquer’ think ‘divide and defend’. The challenges lie in both trying to prevent these attacks, but also devising effective recovery strategies should your network and data be targeted or compromised.

While emphasis is often placed on the implementation of robust technology, cyber threats can also be largely mitigated through training, education and awareness. A proactive approach to cyber security will always be the best way to minimise your company’s susceptibility to threats from cyber criminals.

Cyber security support from ESA Risk

If you need advice or support on anything cyber security-related, contact Ben Brown, Cyber Security Consultant at ben.brown@esarisk.com, on +44 (0)343 515 8686 or via our contact form.