A group of security experts issued this stark warning to firms at a roundtable event held by hosting solutions firm, UKFast, at its Manchester head office.
Asked if businesses should be afraid of hackers, the panellists cited statistics that show cybercrime costs the UK economy £27 billion a year, with £21 billion to businesses, £2.2 billion to government and £3.1 billion to citizens.
Data protection specialist, Tony Richardson, confirmed the motivations of hackers, telling the panel that each individual record or name is worth £1,000 in the cyber community.
He said: "People don’t realise how significant a threat it is, it seriously needs addressing. Unfortunately businesses need to be bitten once before they consider any kind of information security policy."
Discussing the difficulties presented by an ‘always on’ workforce that uses mobile devices to access all manner of company information, Philippe Jan, a cyber security specialist and lecturer at Lancaster University, said: "Businesses are facing a big problem. A firm’s internal systems are accessible from so many different devices including personal phones and other mobile devices and we have more or less lost the battle of keeping those devices secure.
"Years ago we had a very fenced-in network, you were in or you were out and therefore it was easy to defend against. Now, that fence has been blown away. The last frontier, the last battle we have to win is the one to protect the actual data.
"Because we have lost control of the end-point devices, and anyone can be accessing the data from anywhere and at any time, we need to focus on the end user and educate them," added Jan.
Stuart Coulson, of data security specialists Secarma, added: "Technology is everywhere now. You sit in a train carriage and the first thing everyone does is get their phone out. They're on Facebook and Twitter and they're texting. Everyone has a device in their pocket that is internet-enabled. We are going to see a massive push towards mobile devices and hackers will find more and more applications that they want to break."
Jonathan Bowers, UKFast's communications director, asked the panel how the threat from the external hacker compared to that posed by employees.
Richardson said: "As much as 50% of security breaches are as a result of malicious or accidental internal activities. There's no silver bullet. Security awareness needs to be brought to the table. Unfortunately very few businesses, even in the corporate sector, pay any more than lip service to it. We can keep throwing technical solutions at this problem but it’s the education, or rather the lack of it, that needs to be addressed."
Referring to reports that show less than 20% of organisations have any form of security awareness policy in place, Dave Whitelegg, of ITSecurityExpert, said: "Businesses are dropping their guard on this. They need to realise that hackers, the bad guys, are always out there testing the locks on your windows and your doors. The question is, what are you doing to secure those windows and doors?
"Most of the hack attacks are very simple, they've been around for over a decade yet businesses are still falling victim to them because they are ignoring the need for education amongst their staff."
Tips to guard your business from hack attacks: Start with a thorough review of your business, identify your key assets (machines, software, processes, people); Assess the threats that could materialise against those assets; Implement a program to mitigate those risks; Remember the biggest weakness is the people inside the business, so educate them on what they can and can’t do in every area of the business including what they can say on social networks and in the train carriage; Don’t wait until you have a serious security breach to take action. Do it today; 75% of attacks are aimed at the application layer and 85% of vulnerabilities lie in the source code, so train the people designing the applications, and the developers to take a secure approach.