PureCyber

View Original

Cyber - whats all the fuss about

Today our businesses and personal lives are inexplicably linked to technology, from window cleaners accepting contactless payments to government organisations processing our most personal data. We are now in the matrix!   

For many years, the configuration and securing of these devices have been recognised as a job for the ‘IT guy’ but unfortunately Cyber Security is not an IT issue. The way we use technology plays an enormous part in it’s vulnerability, a laptop may be perfectly secure however, if you connect it to a vulnerable public WiFi connection, then who knows what may happen.

From email correspondence and financial transactions to professional networking and collaborative work documents, businesses rely on technology to be connected at all times and conduct work effectively. However, when these lines of communication are threatened or even compromised, it can have a disastrous effect on the business.

Every week in the news we hear about high profile cyber attacks such as  TalkTalk, who had its personal details hacked in 2015, which resulted in a record fine of £400,000 for the security failings. Similarly, Sony entertainment was brought to its knees by hackers. These are sensational high value hacks that seem a million miles away from our businesses but normal businesses in Wales get hacked too. In 2016 a Welsh loans boss was convicted for hiring hackers in Costa Rica over the dark web, his aim was to ‘take down’ his competitors. His actions were discovered by the FBI !

No business is too small to be at risk of a cyber security attack, it does happen to small to medium businesses too. Last year, SME Boomerang Video was fined £60,000 for leaving itself vulnerable to hack attacks and other SMEs such as software company PCA Predict have experienced cyber-attacks in recent years. These examples are the tip of the iceberg and emphasise the need for businesses to protect virtual interests from malicious attacks with strong security.

According to the National Cyber Security Centre, 48% of all UK businesses had reported cyber security breaches or attacks in the last 12 months. These data breaches have resulted in lost files, software, system or website corruption, and even loss of assets or intellectual property.

The most common cyber security threats include scammers impersonating a business, the sending of fraudulent emails, and viruses and malware. Research from the Cyber Security Breaches Survey also found that the average financial impact for businesses in the last 12 months came at a cost of over £4,180, which can have a substantial effect on a small business’ revenue.

A successful cyber attack can cause major damage to your business. It can affect your bottom line, as well as your business' standing and consumer trust. The impact of a security breach can be broadly divided into three categories: financial, legal and reputational.

Of the three categories, economic cost of cyber attack is the most quantifiable. Cyber attacks often result in substantial financial loss. The theft of corporate information such as intellectual property can be a ‘distinction event’. All companies have IP and we should all know what it is… for a hairdresser it may be their client list, for a manufacturer it may be designs, they are completely different but equally vital to the operation of the company.  

Businesses that suffered a cyber breach will also generally incur costs associated with repairing affected systems, networks and devices.

With the introduction of the General Data Protection Regulation (GDPR) in May 2018 the legal consequences of a cyber breach now have the potential to impact the survival of a company. Now companies have to be able to demonstrate that they have taken the appropriate measures to protect the personal data that they hold and It means businesses have to report any breaches to the ICO (Information Commissioner's Office). As a result, the fines have dramatically increased which could also mean the average cost of data breaches rise even further in the coming years.

Reputational damage is almost impossible to quantify, trust is an essential element of customer relationship. Cyber attacks can damage your business' reputation and erode the trust your customers have for you.

The effect of reputational damage can even impact on your suppliers, or affect relationships you may have with partners, investors and other third parties vested in your business.

Not understanding the cyber security risks your business faces can be greatly damaging. There is the direct economic cost of such attacks to your company, such as theft of information, disruption to your staffs’ access to the apps they use or even having to repair affected systems all resulting in the impact of financial loss. As well, cyber security breaches can also cause reputational damage.

With a lack of faith in the confidentiality of your company, customers will be inclined to look elsewhere, resulting in a loss of sales, which is exactly what happened to TalkTalk.

Aside from the direct impacts of a cyber security breach, there are also legal consequences to deal with in the aftermath. Failure to manage a customer's personal information in light of the GDPR can result in regulatory Fines.

All businesses, no matter its size, needs to ensure everyone involved in the company is up to date on the latest cyber security threats and the best methods for protecting data. The best way to do this is with regular training of staff as well as using a framework to work towards with key goals for achieving a standard which ensures the risk of a data breach is minimal. One such standard, backed by the National Cyber Security Centre, is Cyber Essentials.