In today’s connected world cyber security matters; it is vital for protecting our critical infrastructure. The threat of cyber-attacks is now a worldwide concern, as high-profile breaches create fear that cybercrime could endanger the global economy.
McAfee reported in February 2018 that cybercrime costs organisations close to 600 billion dollars a year. That is 0.8 per cent of global GDP. The cost is up from a 2014 estimate that put global cyber losses at 445 billion dollars.
Looking to the future as networks continue to expand and connectivity increases, the importance of cyber security has never been so relevant as we all seek to protect ourselves and our data from the threat of being exploited.
Back in 2012, FBI Director Robert Mueller highlighted why cyber security is important and why cybercrime is inevitable: “There are only two types of companies; those who have been hacked and those who will be.”
However, what can organisations do to ready themselves against cyber threats? What specialist assistance is available to minimise and mitigate cyber risk? How can organisations recover quickly from an attack?
Cyber security is everyone’s concern
Here are the key findings from a recent study by the UK government on cyber security (Cyber Security Breaches Survey 2018):
- More than four out of ten organisations (43 per cent) and two out of ten charities (19 per cent) suffered a cyber security breach or attack in the last 12 months
- 74 per cent of organisations and over half of all charities said that cyber security is of high importance for their board
- Nevertheless, only three out of ten companies (27 per cent) have put formal cyber security policies in place
What is cyber security?
Cyber security has been given many definitions over the years, and because it is a continually evolving area of security, the scope of what cyber security entails keeps evolving too.
Cyber security is principally the approach and actions related to security risk management processes followed by organisations. All those who operate within cyber security look to protect the privacy, integrity and availability of data and assets.
The concept of cyber security includes policies, procedures and safeguarding measures, as well as technology and training to deliver the most comprehensive level of protection for the environment and its users.
What is the real impact of a data breach?
The average cost of a breach (Cyber Security Breaches Survey 2018)
- £22,300 - Large business
- £2,310 - Small to Medium Enterprises (SMEs)
Financial and reputation damage - Cybercrime can disrupt and damage an organisation financially as well as harming their reputation.
Data loss - By suffering a breach, an organisation could face losing critical data and business assets.
Remediation - There is also the cost of remediating the problems caused by the attack and stopping further attacks.
Legal impact - If the company is found liable for the attack because it failed to put appropriate cyber defences in place, it could face regulatory fines and litigation.
Why does cyber security matter for small and medium businesses?
A surprising 45 per cent of SMEs wrongly believe they are not a target for cybercrime.
Regardless of the size or status of the business, cyber security should be of board or director level importance, and that message should be disseminated throughout the organisation.
As long as data and assets reside on computer networks, businesses will continue to be targets for criminals.
Therefore, small and medium enterprises, like larger corporate organisations, must protect their information at all times.
What are the most common cyber-security threats?
Any organisation with an internet presence is at plausible risk of a cyber-attack. Moreover, as FBI Director Robert Mueller highlighted in 2012, it is not a matter of if you will be attacked, but when.
With the cyber threat so real and prominent, it is vital that organisations understand their risks and learn how to mitigate them.
An overview of cyber-attacks
- A cyber-attack occurs when cybercriminals attempt to take control of, or succeed in destroying, an IT network
- A cyber-attack is an offensive tactic that targets organisational IT systems as well as personal computing devices
- Cyber attackers come in a variety of forms, from nation-state sponsored hackers to organised groups and lone individuals
- Cybercriminals often remain anonymous
- The criminals use malicious code and software to infiltrate IT systems and steal information and data, which they then sell or use to blackmail their victims
In the vast majority of cybercrime cases, attacks are automated and indiscriminate: the criminals look to exploit known vulnerabilities wherever they find them rather than targeting specific organisations.
The reality is your organisation could be suffering a breach right now, and you might not even be aware.
There are two main categories of cybercrime: breaches of data security and sabotage.
Data security breaches
- Theft of personal data
- Theft of intellectual property (IP)
- Theft of trade secrets
Sabotage
- Attacks on a service
- Disabling systems and infrastructure
Latest threat news to be aware of:
Malicious scans for vulnerable WordPress plugins - Cybercriminals are scanning WordPress websites for vulnerable versions of popular plugins that could give them control of websites and servers. (ZDNet)
New malware - Kronos, or the "father of Zeus", is a destructive banking malware found in malicious email campaigns. It was first detected in 2014 and reappeared in 2018, exploiting a vulnerability in the Microsoft Office application. (ZDNet)
Phishing - A recent report on phishing states that one in every hundred emails is now part of a phishing attempt. (FireEye)
Ransomware - Ransomware is malicious software that hackers use to threaten to publish the victim's data, or to block access to it, unless a ransom is paid.
An infamous example of this kind of attack is the May 2017 WannaCry ransomware outbreak. Over four days, WannaCry affected more than 200,000 victims and infected 300,000 computers.
Cybercrime Estimated Daily Activity
How should businesses plan against cyber-security attacks?
By creating a cyber security plan for your business, your organisation builds a solid foundation for mitigating and reducing the effects of a cyber-attack.
The first step in creating your plan is to engage with a cyber security specialist like Nettitude. What you are looking for is a long-standing cyber security partner that is recognised in the field and looks at securing not only the organisation’s technology but also its people, processes and policy.
To develop a robust cyber security strategy, work with your security partner to address these three initial steps:
- Identify and protect critical items within the business
- Develop a roadmap, creating a higher level of overall security maturity
- Employ best security practices to help execute the security program
What are the legal obligations when it comes to protecting your clients’ and customers’ data?
Here is information on, and links to, the key cyber security legislation that applies in the UK:
GDPR and NISD
- General Data Protection Regulation 2016/679 (GDPR) - On 25 May 2018 GDPR became directly effective in the UK. It will remain directly applicable for as long as the UK remains a member of the European Union.
- Network and Information Security Directive 2016/1148 (NISD) - The NISD applies to all member states of the European Union and came into effect on 10 May 2018.
The Impact of Brexit on cyber security laws
- In June 2016, the UK voted in a referendum to leave the European Union in a historic move referred to as Brexit. As of the beginning of September 2018, both the timing and the impact of Britain’s exit from the European Union on data protection law are uncertain.
Cyber security legislation
- The Communications Act 2003 regulates those providing electronic communications networks and services
- Privacy and Electronic Communications (EC Directive) Regulations 2003
- The Data Protection Act 1998 details regulation for the processing of information and the obtaining, holding, use or disclosure of such information
- The Computer Misuse Act 1990 stipulates what constitutes a hacking offence
- The Official Secrets Act 1989 refers to national security