Stuart Gentle Publisher at Onrec

The majority of organisations aren’t prepared for Cyber Attacks

The current state of most organisations’ information security needs addressing with respect to GDPR in order to ensure individuals’ data is kept safe. Now more than ever before, companies need to take responsibility for cyber security as a fundamental part of their business.

This is not just to prevent data breaches but also to learn from them and prevent future cyber incidents.

IT Governance states that during October 2017 over 55 million records were leaked in the UK as a result of cyber crime.

Common types of data breaches include:

  • Insufficient training of staff regarding simple security practices and processes
  • Poor protection of data storage
  • Insider threats, disgruntled employees
  • Theft from unencrypted files or devices
  • A shortfall in end-to-end data protection utilities and destruction services
  • Operating from unsecured internet access services or Wi-Fi
  • Phishing emails with malicious attachments and ransomware.

“There is no conceivable information security system that can stop one person out of a hundred opening a phishing email, and that can be all it takes.” Ciaran Martin, Director General for Cyber Security, GCHQ – June 2015 - (http://www.gchq.gov.uk/speech/director-general-cyber-security-speaks-infosecurity-europe-2015)

From May 2018 the European Union’s General Data Protection Regulation (GDPR) law will come into force. This new legislation means organisations which store personal data concerning EU citizens must comply with these new regulations. This also applies to organisations that are not based in the EU itself.

Many organisations are still lacking the skills and knowledge needed to adhere to the new GDPR regulations. In practice, many staff members are not cyber security aware and do not understand their organisation’s obligations, so it’s essential to develop their skills to ensure they keep pace with rapidly evolving technology and prepare for the associated risks.

Attack recovery is far more expensive and more damaging to the success of an organisation than the cost of ensuring cyber resiliency in the first place. The cost of a cyber attack has an enormous impact on an organisation’s budget. Preventing security breaches in the first place is the most effective way to ensure the survival of your business given the current cyber threat landscape.

“Last year, the average cost of breaches to large businesses that had them was £36,500. For small firms the average cost of breaches was £3,100. 65% of large organisations reported they had suffered an information security breach in the past year, and 25% of these experienced a breach at least once a month. Nearly seven out of ten attacks involved viruses, spyware or malware that might have been prevented using the Government’s Cyber Essentials scheme.” 2016 Government Cyber Health Check and Cyber Security Breaches Survey.

Rt Hon Matt Hancock MP, Minister of State for Digital and Culture, during his speech at the Cyber Security Speech Institute of Directors Conference in London said:

“Over 95% of businesses have internet access. Over 60% of employees use computers at work. The internet is used daily by over 80% of adults - and four out of five people in the UK bought something online in the past year. And we know the costs of a successful attack can be huge. My message today is clear: if you’re not concentrating on cyber, you are courting chaos and catering to criminals.”

The number and severity of cyber incidents affecting organisations across the public and private sector are only going to rise. However, the findings from the Cyber Governance Health Check Report 2017 show that there has been progress from the previous year. Over half of the FTSE350 businesses now possess a definitive understanding of the impact of a cyber incident, up from 49% to 57%. And more than half of these organisations are now setting out their approach to cyber risks, a rise of 20 percentage points to 53%.

Phill Everson, head of cyber risk services at Deloitte, said: “There is still some way to go, though, as the findings show that many boards still do not have a defined role to lead a company-wide response. This corroborates the recent Deloitte analysis of FTSE100 annual reports, which found that just 5% disclose having a board member with specialist technology or cyber experience.”

The UK government stated that it is committed to defending against cyber threats, and has published this helpful article: https://www.ncsc.gov.uk/guidance/10-steps-cyber-security