Currently, it appears that more and more large company cyber attacks are being announced in the news, but what about everyone else?
Cyber attacks are happening on a regular basis and anyone can be affected by them, whether you are a small or large company, or a customer of an organisation.
2017 was named by the Online Trust Alliance (OTA) “the worst year ever in data breaches and cyber incidents around the world.” The OTA’s Cyber Incident & Breach Trends Report states that there were 159,700 total cyber incidents in 2017 and that 93% of breaches could have been prevented.
There are many types of cyber-attacks which can be carried out by people internal or external to a business. There are three common motives behind cyber attacks; political or social agenda, financial gain or an intellectual challenge. One of the most common attacks in the public eye are anonymous hackers encrypting information, such as customers’ personal data, and asking for money in return for the data, or for it not to be sold on, leaked or destroyed.
In January 2018, the UK government announced that energy, transport, water and health organisations working on critical national infrastructure programs could face fines of up to £17m if they do not have effective cyber security measures in place. This is to help crack down on companies leaving themselves vulnerable to attacks.
So how does a cyber attack affect a business?
A cyber attack can be massively detrimental to a business. Depending on the type of cyber attack, your business may be on lock-down or temporarily unable to trade due to systems being inaccessible. Your resources, such as IT, will be entirely focussed on resolving the issue and getting the company up and running again. It’s not just IT-related however, with around 75% of the UK having a social media account of one form or another, complaints often arrive in droves meaning customer support teams are working hard at fighting fires and trying to please customers.
It can also have a negative effect on the brand’s image – personal information is often compromised in a cyber attack, and lack of trust in a brand is a key reason why loyal customers change suppliers.
A cyber attack on a business can also have a negative effect on its finances. The UK Government published a report this year on cyber security breaches stating that the average cost to a business across all breaches was £1,230 and the average cost to a business across breaches with an outcome was £3,100.
With the recent introduction of General Data Protection Regulation (GDPR), legislation that limits how personal data can be processed and stored, an organisation can face penalties for a data breach. After a cyber-attack, the Information Commissioner’s Office (ICO) can conduct an investigation into the incident, and if found negligent, the organisation can be fined up to 4% of global turnover or €20M; whichever is highest.
What is the UK Government doing to prevent cyber attacks?
The UK Government has increased support for businesses by providing information about basic cyber security, free online training and a link to what you should do if you have been a victim of cyber crime or online fraud. The page can be viewed here.
They have also introduced a Cyber Skills Immediate Impact Fund (CSIIF) pilot. The UK Government introduced this pilot in February 2018 with the objective of increasing the number of those working in the UK’s growing cyber security sector. The funding was available to an array of organisations and in late summer 2018, the CSIIF will be opened again for more organisations to bid for funding.
In 2017, Hampshire Constabulary and Gloucester Constabulary launched an Operational Cyber Specials and Volunteers team trial, which consisted of 15 members. The team was comprised of volunteer industry experts and was established to help the police forces with their investigations. The trial was a success and similar schemes, involving both regular officers and volunteers are being investigated in other forces across the UK.
So how can cyber-attacks be prevented?
The National Cyber Security Centre has a lot of help and guidance on how organisations can protect themselves in cyber space here.
With their 10 preventative steps being:
- Set up your risk management regime – assess the risks to your organisation’s information and systems
- Network security – protect your networks from attack
- User education and awareness – produce user security policies
- Malware prevention – establish anti-malware defences
- Removable media controls – control all access to removable media
- Secure configuration – ensure the secure configuration of all systems is maintained
- Managing user privileges – establish effective management processes
- Incident management – establish an incident response and disaster recovery capability
- Monitoring – establish a monitoring strategy and produce supporting policies
- Home and mobile working – develop a mobile working policy
Stream Resourcing and the Cyber Security sector
Stream Resourcing specialises in finding candidates to help companies address their IT Challenges. Working across Software Development, Business Intelligence and all aspects of Cyber Security, we support companies in areas such as Defence & Aerospace, Consulting and Critical National Infrastructure in their recruitment challenges.
Our team is built of specialist consultants who work hard to develop their knowledge of each Information Security vertical in detail and using this knowledge they build specialist candidate skillset networks across the world.
If you have an IT or Information Security vacancy that Insignis can help to fill, please contact us at firstname.lastname@example.org.
Alternatively, if you are looking for a new IT and Information Security job role, you can conduct a job search on our website here:
To find out what roles we are hiring for, check out our latest jobs.