How seriously do you take cybersecurity?

UK businesses are subjected to a cyberattack every minute of the day*. But despite more companies gearing up to protect themselves from cybercrime, many organisations are not well versed in this issue or simply fail to enforce a strict IT security regime. Cybercrime and data theft are undoubtedly becoming a growing cause for public concern and whilst we can’t inoculate ourselves from being targeted, we can take preventative measures to ensure this threat is kept at bay.

The current digital landscape

Driven by innovation, shopping behaviour and customer trends, digital infrastructure has changed, meaning companies need to be far more careful when it comes to handling personnel and customer data.

GDPR rocked the data world when huge fines were issued to companies failing to comply with the regulations, despite months of warnings. The severity of the fine can differ, but the most serious violation can result in a fine of up to £20 million, or 4% of a company’s annual revenue, whichever is the higher figure. Obviously for a company such as British Airways – which were fined a whopping £183 million in July last year – this wouldn’t have dented operations as much as it would say, a smaller company or a start-up, who simply wouldn’t have the cash to pay up and resume service as normal.

Growing in sophistication

Cybersecurity is a provocative game of cat and mouse. When defence systems are engineered and put into place, the attackers only look for other means to gain access to sensitive information. Fake calls and emails now seem like a relic in the world of cyberattacks, even though victims still fall into their traps today. Attackers are now using methods such as social engineering, malware, and ransomware – remember the NHS ransomware attack in 2017?

But despite the attackers becoming more technically savvy, it is usually the lack of defence that essentially allows these opportunists to brazenly stroll into someone’s sensitive data. Often businesses are more prepared for a flood than a cyber-attack, yet cyber-attacks are occurring at a rate of one a minute. So why the underestimation of the severity of cybersecurity? Some people that believe because a company hasn’t had a data breach yet, or in a long time, they aren’t susceptible to being targeted, with the logic of what isn’t broken doesn’t need to be fixed. Others may believe that the problem is finite and can ‘solved’ rather than an ongoing issue that requires monitoring.

Cisco has found that the top vulnerabilities in 2019 were simple phishing attacks, most likely because of the sheer quantity that are sent out to potential victims. Although they’re the most common form of attack, their constant changing of appearance can be quite beguiling. Unsecured Wi-Fi networks allow criminals to intercept confidential information from connected computers, and which, subsequently, has made unsecure Wi-Fi networks one of the main gateways to cyber-attacks.

In the most recent State of the Phish report, collated by Proofpoint, statistics showed that more than 55% of businesses dealt with at least one successful phishing attack in 2019. In addition to this, phishing via text/SMS – known as ‘smishing’ in the industry – attacked 84% or organisations whilst 83% of organisations experienced voice phishing or vishing. It doesn’t all make for grim reading though, 77% of businesses admitted that educating and training employees on how to avoid getting attacked reduced the number of attacks proved successful.

Big business

The last decade has seen some major strides towards how we use technology for both business and personal use, moving our banking to an online platform as well as company data. A report by Bulletproof, a cybersecurity services company, has highlighted that roughly $3.5 billion was spent globally on cybersecurity back in 2004, and approximately $120 billion in 2017, you don’t need advanced level maths skills to realise just how huge that financial bracket has stretched despite inflation, showing just how prevalent the threat has become.

Cyber Essentials certification

It isn’t all doom and gloom. There are measures out there at government level that offer support and advice. GCHQ, the Government Communications Headquarters, is the security and intelligence organisation responsible for keeping Britain safe from hackers, terrorists and organised crime. Its origins lead back to intelligence operations during WW2, where signalmen used Morse code to intercept and spy on potential threats to the United Kingdom.

GCHQ’s cybersecurity arm, the National Cyber Security Centre, has put forward a Cyber Essentials certification, backed by the Government, that demonstrates that holders – whatever their size – are safeguarding themselves against a whole range of the most common cyber-attacks and essentially acts as a badge of confidence for the wearer.

Some stats that the GCHQ have collated:

• 230,000 new malware samples daily
• 9 billion global internet users
• 62 million cybercrime victims every day

Those stats speak for themselves. With half the world’s population able to access the internet, and with 1.62 million victims daily, the casting net for these crimes is huge.

Cyber-attacks are guileful in that they can take on many forms. Fortunately, the vast majority of these offences are carried out by relatively unskilled individuals, trying their luck to some extent – the digital equivalent of a thief trying your front door to see if it’s unlocked.

Companies that actively seek out Cyber Essentials certification not only make cybersecurity a priority, but they ensure that this commitment combined with their knowledge of business software, cloud storage, mobile device management and many more places them in a position of authority to provide guidance and support.

We recently attained such a certification, because we take cybersecurity seriously. We understand the potential threats out there and feel responsible, for a company providing solutions to numerous businesses across the country, that we protect ourselves with the necessary tools to secure our internet connections, software and devices, and control access to data and personal information.

Cyber Essentials certification is also required for companies who wish to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services.

For more information on protecting your business from cybercrime and how we can help, click here.

If you’d like to tap into our expertise in safeguarding businesses and protecting data, need some advice or training, or just want to chat with us generally on a specific topic, contact us here.

*Varonis reported every 39 seconds, whilst others found around the minute mark, a median estimate has been provided.