Cyber attacks can affect any business or organisation, regardless of size or industry. We hear about the extreme attacks involving large organisations such as the NHS, British Airways, Facebook…. the list goes on. However, what we don’t hear about is, in the last 12 months, 43% of all UK based businesses and 19% of charities experienced a cyber security breach or attack, according to a Government survey.
Historically it was organisations in the financial services industry that were most targeted. But today any business is fair game. The North East Cyber Crime Unit (NERSOU) is so concerned that many businesses in the region are underprepared when it comes to cyber threats, that they hosted a series of cyber breakfasts earlier in the year to urge businesses to protect themselves from this growing menace.
And hackers are not just restricting themselves to businesses. Research from Big Brother Watch, a civil liberties and privacy campaigning organisation, states that 114 local councils were breached between 2013 and 2017 . Indeed, Mansfield and Chesterfield Councils suffered eight attacks and one data breach during this time.
But it’s not just your customer data that needs protecting. Mansfield-based Sports Direct’s internal systems were hacked in September 2016, leading to unencrypted staff data being stolen. To make matters worse, the company didn’t even notice the breach until three months later.
While there’s no doubt the threat is real and ever-present, cyber security isn’t an insurmountable challenge. There are ways to protect your business and effectively mitigate the risk of an attack.
So where do you start?
Know what you’re dealing with
You needn’t be a cyber security expert, but it helps to understand the threat landscape. Whereas some cyber criminals do target specific companies (for varied reasons from hacktivism to ransomware to corporate espionage) for the most part they are opportunistic.
Using technology, they scan the internet looking for vulnerabilities to find ways into your corporate network. This is why patching is so important. By applying updates and patches once they become available, you’re effectively plugging those gaps. Importantly, cyber security isn’t about becoming bulletproof; there is no solution on the market that can guarantee 100% protection. Instead, it is about mitigating the risk by having the right, layered cyber security in place, shaped by your understanding of the threat landscape and complemented by the skills and expertise of a security partner.
Ideally, your business should adopt a risk-based approach. By knowing your business extremely well, understanding your attack surface, defences and where the gaps lie, you can prioritise your risks around three key areas of technology, people and processes.
Work through cyber security myths
One of the biggest myths around cyber security is that breaches or attacks can happen instantly. The truth is that it takes time to breach an organisation, find a vulnerability and capitalise on it. In the same vein, breaches aren’t always noticed immediately, as mentioned in the Sports Direct example. Very often hackers can get into a corporate network, lurk around for days or weeks and then take what they want. Stats from Ponemon suggest US companies take, on average, 206 days to find a breach. For European companies it takes even longer – 469 days on average.
Another misconception about cyber security is that when it comes to the cloud, protection is a given. While you might recognise it’s your responsibility to secure data in your organisation, your responsibility doesn’t stop once it goes to the cloud. Your cloud provider protects its infrastructure and you as its customer, but it is up to you to make sure you have the processes and procedures in place to keep your data secure.
Understand your challenges
Devising, implementing and managing a cyber security strategy isn’t always easy and your organisation might face significant challenges. The two most common are a lack of cyber security expertise within your business and the sheer complexity of understanding the solutions and vendors in the market; it can help if you join forces with a trusted security partner.
Conclusion
An attack can lead to the exposure of sensitive data and the loss of intellectual property but often the greatest cost is the damage to your reputation.
It’s not all doom and gloom when it comes to cyber security. Yes, the threat is real. But having the right strategy in place, understanding the threat landscape and drawing on the knowledge of experts can certainly help place your business in a strong position to protect itself and mitigate risk.
