The threat of a cyber security attack to UK businesses is an ever-growing risk. As the numbers rise and the frequency quickens, it is becoming more and more essential that each and every organisation across the country invests in a cyber strategy. It is only by applying these processes and guarding against potential breaches that the likelihood of an attack can decline. Statistics from the BIS 2014 Information Security Breaches Survey indicated that 81% of large organisations had experienced a breach in some way, with costs ranging anywhere between £600,000 and £1.5m as a result. Two years on, the situation is even more serious.
Ransomware is a particularly malicious form of malware that gains access to a user’s system and then proceeds to prevent them from accessing their own data. In some cases, the files on the system are encrypted so as to be irretrievable without the key, and in others access is simply denied to the device’s owner. In both situations the hacker will demand that a ransom be paid to decrypt the files or to give access back to the user.
For small and medium-sized businesses across the UK there appears to be a real disregard for cyber security. When implementing Health and Safety processes you will find that most companies are attentive, and when isolating potential HR nightmares they are vigilant, but when it comes to protecting their data, and the data of their clients, the response is sadly lacking. In many ways this is to be expected. The ‘Digital Age’, although in full swing, is still something that is being adapted to, and businesses are becoming more and more aware of the possibilities technology holds.
Many people see 2015 as the year that data breaches and hacking were brought to the fore for businesses across the globe. From Ashley Madison to TalkTalk, the major brands experienced huge upheaval, thanks to the weaknesses in their online security systems being expertly exploited by cybercriminals. Interestingly, off the back of what was a disastrous year for many, January 28th 2016 was coined as #DataProtectionDay, with an awareness campaign organised to tackle the ignorance surrounding security.
As a business based in Harlow, it is a worrying statistic that, outside of central London, Essex has the highest amount of recorded cyber fraud of anywhere in the United Kingdom. In the past 6 months alone, there have been 6,679 fraud cases documented. Of that figure, 66% were related to business, and 25% (a quarter of the full figure) were to do with cyber-crime. We are not talking about small data breaches either. One company was the victim of a malware attack that cost them in the region of £80,000. The scariest part of all? That staggering sum was lost in just 10 minutes.
Many view the services of cyber security specialists as a way to protect against faceless, nameless hackers who are sending harmful attacks externally. By putting up walls around your network, and manning them on your behalf, these companies keep your organisation safe from attack, and breaches of confidential data. An issue that is becoming more and more prevalent in the security industry though, is the insider attack. It has highlighted the fact that just because the wall is up, it doesn’t mean that you are safe from a data breach, either from an intentional act, or an accidental one.
For many in the cyber security spectrum, 2015 was considered ‘The Year of the Hack’. A record number of attacks, of all varieties and levels of viciousness, were undertaken last year, bringing digital security and online protection to the forefront of both people’s minds, and the media’s attention. Many companies will feel that they have now caught up again, and feel safe from potential hacks. This is though, in reality, a false security. Whilst businesses have been playing catch-up, criminals have been evolving their own methods, and will always be looking to find that advantage that keeps them one step ahead in the game.
When it comes to cyber security attacks, by far the most common is that of phishing. This form of attack is performed by criminals who acquire sensitive or personal information from victims through the use of deception. Hundreds, if not thousands, of emails will be sent out to unsuspecting recipients, and made to look as if they have been sent by a reliable source, for example a bank or some other trusted organisation. In reality this is a ruse in order to gain access to your confidential data, such as usernames, passwords or credit card details, or, failing that, they may instead look to utilise your mail server and send emails to your contact list.
When it comes to digital security, the use of third party firms to supply you with IT solutions is generally a risky option. A third party firm is anyone who you pay to supply IT services, and that has access to your data. You may rely on a company to store certain documents, for example. The risk here is that your data is exposed to their system administrators to view, share and, should they choose to, sell. This potentially valuable data could find its way into the hands of your competitors, and cause irreparable damage.
The cloud is a fantastic piece of ingenuity. The ability to store huge amounts of data away from your machine creates a wealth of space, as well as ensuring that your documents are accessible from anywhere on the globe. The cloud as a concept is a brilliant one, and gives companies the ability to sell software as a service. Rather than simply sell a customer a storage device, they are able to instead charge an ongoing rate. Big industry names, such as Salesforce and Sage, are such big hitters in the market thanks in part to their ability to utilise the cloud to create a more seamless experience. Everything about the cloud seems to work. Everything except its security.