For small and medium sized businesses across the UK there appears to be a real disregard for cyber security. When implementing Health and Safety processes you will find that most companies are attentive, and when isolating potential HR nightmares they are vigilant, but when it comes to protecting their data, and the data of their clients, the response is sadly lacking. In many ways this is to be expected. The ‘Digital Age’, although in full swing, is still something that is being adapted to, and businesses becoming more and more aware of the possibility technology holds.
Many people see 2015 as the year that data breaches and hacking were brought to the fore for businesses across the globe. From Ashley Maddison, to TalkTalk, the major brands experienced huge upheaval, thanks to the weaknesses in their online security systems being expertly exploited by cybercriminals. Interestingly, off the back of what was a disastrous year for many, January 28th 2016 was coined as #DataProtectionDay, with an awareness campaign organised to tackle the ignorance surrounding security.
As a business based in Harlow, it is a worrying statistic that, outside of central London, Essex has the highest amount of recorded cyber fraud of anywhere in the United Kingdom. In the past 6 months alone, there have been 6,679 fraud cases documented. Of that figure, 66% were related to business, and 25% (a quarter of the full figure) were to do with cyber-crime. We are not talking about small data breaches either. One company was the victim of a malware attack that cost them in the region of £80,000. The scariest part of all? That staggering sum was lost in just 10 minutes.
Many view the services of cyber security specialists as a way to protect against faceless, nameless hackers who are sending harmful attacks externally. By putting up walls around your network, and manning them on your behalf, these companies keep your organisation safe from attack, and breaches of confidential data. An issue that is becoming more and more prevalent in the security industry though, is the insider attack. It has highlighted the fact that just because the wall is up, it doesn’t mean that you are safe from a data breach, either from an intentional act, or an accidental one.
For many in the cyber security spectrum, 2015 was considered ‘The Year of the Hack’. A record number of attacks, of all varieties and levels of viciousness, were undertaken last year, bringing digital security and online protection to the forefront of both people’s minds, and the media’s attention. Many companies will feel that they have now caught up again, and feel safe from potential hacks. This is though, in reality, a false security. Whilst businesses have been playing catch-up, criminals have been evolving their own methods, and will always be looking to find that advantage that keeps them one step ahead in the game.
When it comes to cyber security attacks, by far the most common is that of phishing. This form of attack is performed by criminals who acquire sensitive or personal information from victims through the use of deception. Hundreds, if not thousands of emails will be sent out to unsuspecting recipients, and made to look as if they have been sent by a reliable source, for example a bank or some other trusted organsiation. In reality this is a rouse in order to gain access to your confidential data, such as usernames, passwords or credit card details, or, failing that, they may instead look to utilise your mail server and send emails to your contact list.
When it comes to digital security, the use of third party firms to supply you with IT solutions is generally a risky option. A third party firm is anyone who you pay to supply IT services, and that has access to your data. You may rely on a company to store certain documents, for example. The risk here is that your data is exposed to their system administrators to view, share and, should they choose to, sell. This potentially valuable data could find its way into the hands of your competitors, and cause irreparable damage.
The cloud is a fantastic piece of ingenuity. The ability to store huge amounts of data away from your machine creates a wealth of space, as well as ensures that your documents are accessible from anywhere on the globe. The cloud as a concept is a brilliant one, and gives companies the ability to sell software as a service. Rather than simply sell a customer a storage device, they are able to instead charge an ongoing rate. Big industry names, such as Salesforce and Sage, are such big hitters in the market thanks in part to their ability to utilise the cloud to create a more seamless experience. Everything about the cloud seems to work. Everything except its security.
In digital security terms, 2015 has been the year of the major corporation hack. With Ashley Maddison in September, Carphone Warehouse in August and now TalkTalk, Weatherspoons, VTech and Marks and Spencer all in the past month, yes, 2015 really has been an incredible year for highlighting the ineptitude and naivety with which the companies we trust hold our personal data. Despite how things seem though, these ‘leaks’ may actually be a blessing in disguise and good news for individuals, as well as bad.
When a cyber-attack hits a major, national company, the affect it has is obviously widespread. TalkTalk are one of the more recent cases were a data leak has created scandal in the media and, more importantly, severely impacted on people’s lives. The attack is likely to cost the company up to £35million, with 157,000 customer’s having suffered from their personal details being leaked, from addresses and phone numbers, to bank accounts and sort codes.