
The top five cyber threats businesses need to be aware of for 2025



Cyber-attacks are still on the rise. Beaming, an independent internet service provider for UK businesses, reports that in the last quarter of 2024 the average number of cyberattacks encountered by UK businesses exceeded 2,000 a day.


This year is unlikely to bring any let-up in this ever-increasing cyber security threat, particularly for SMEs and micro businesses, which often have fewer resources and smaller IT budgets that cyber criminals can exploit.

Here, the WCRC predicts the following five cyber threats that will be most impactful for 2025:


1. Ransomware attacks increasingly targeting small businesses.

Ransomware will remain a major threat, with a continued increase in "double extortion" attacks, where criminals demand one payment to decrypt files and a further payment to ensure data is not released. Criminals will increasingly target SMEs, which often lack the sophisticated infrastructure of larger organisations and may not have proper backups.


It is likely that criminals will look to target SMEs with more sophisticated emails or exploitation of unpatched systems, which can significantly affect business continuity and carry financial and reputational consequences.


2. Criminals increasingly making use of Artificial Intelligence (AI)

a. AI will increasingly be used by criminals to launch large-scale attacks without needing a high level of expertise. AI will allow for more sophisticated phishing attacks to be generated, the automation of attacks on known vulnerabilities (especially in outdated software commonly used by SMEs), and the creation of malware that has been designed to overcome traditional security and detection defences.

b. With AI tools such as ChatGPT becoming more available and being increasingly used by businesses and staff, there is a risk of data breaches through the sharing of sensitive data with external AI platforms.

 

3. Increasing incidents of supply chain attacks

Criminals will continue to gain access to organisations by compromising their supply chains. Larger organisations will often have SMEs in their supply chain that can be used as a stepping stone by exploiting their less mature or less sophisticated cyber security. Targeted Business Email Compromise (BEC) and phishing attacks will focus on SMEs that may have weaker email security protocols, using spoofed emails that pretend to be from managers or clients to trick staff into sharing credentials or making fraudulent payments.


4. Increased exploitation of Cloud Vulnerabilities

Many SMEs are moving to cloud services, but if these are poorly configured or have weak access controls they can be targeted, especially where there are weak password policies and an absence of Multi Factor Authentication (MFA). These attacks could also focus on Internet of Things (IoT) devices, where criminals exploit poorly secured and unpatched devices such as CCTV cameras, allowing them to gain access to networks and potentially breach your cloud storage.

 

5. Increasing exploitation of human

SMEs and micro businesses often have little or no cybersecurity training for staff, meaning that they can be particularly vulnerable to social engineering. Staff may be tricked into revealing sensitive information, compromising their accounts or even bypassing security controls that are in place. Cyber criminals may increasingly target social media platforms, using personal data for targeted scams and impersonations. We have already seen the rise of AI-created ‘deepfakes’, and it is likely that these will become more widespread and even more convincing.


What measures do SMEs need to take?

  • Implement MFA and strong password policies.

  • Regularly update and patch systems, including IoT devices.

  • Invest in cybersecurity training for employees.

  • Perform regular data backups and test restoration capabilities.

  • Ensure antivirus and firewalls are in place and correctly configured.

 

For cyber security resources, toolkits, regular cyber news, threat updates and more, sign up for the centre’s FREE membership programme.

 



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published in this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.
