Cybersecurity – a critically important aspect for any business using the internet or operating online.
Computer security, cybersecurity or IT security are various names given to the protection of hardware, software and any information stored on them from threat or damage.
Cybersecurity is no longer just about protecting hardware and software, it’s now the protection of ourselves, our business reputation and customers in the digital environment. We all have a responsibility to protect services from being maliciously disrupted or misused, through vigilance, security measures and reporting events when they arise.
The United Kingdom is being targeted by up to 1,000 cyber attacks every hour!! Large scale cyber security breaches often make the headlines, but what about the security breaches which don’t? 70% of organisations keep their worst security incidents under wraps.
We have grown accustomed to seeing technology changing at an incredibly fast pace (we shop online, work online, bank online, play online). More and more of our lives depend on online digital services. The United Kingdom is at the forefront of e-commerce and people are happy to embrace the technology era. It brings greater productivity, customer experience and a reduction in overhead costs for businesses. The internet allows businesses and organisations of all sizes to access and trade digitally in an ever increasing global market place.
The effect of a cyber attack on an organisation or business has a destructive effect on both the connecting technology and human aspects. The extent of the destruction depends on the awareness and protection levels used by that organisation or business.
At a recent Institute of Directors meeting attended by Neil, Professor Richard Benham (pioneer of Cyber Security Management, founder of the National MBA in Cyber Security and The National Cyber Awareness Course) hosted the meeting and the future of cyber security was a hot topic.
The Institute of Directors Cyber Survey had some alarming key findings (of 980 responses):
- 99% of the members surveyed said their organisation was dependant on the internet
- 91% said that cyber security (defined as firewalls, anti-virus, encryption, etc) was important to their organisation
- 57% said they had a formal cyber/information security strategy
- 49% said they provided cyber awareness training to staff
- 6% said they spent nothing on cyber security over the past year
- 43% of organisations do not know where their data was physically stored. This is a truly frightening statistic.
- 59% said they outsourced their data storage
- 20% of organisations hold cyber insurance, this figure is predicted to reach 90% in the next Institute of Directors Cyber Survey
- 72% of businesses had received bogus invoices
- 28% of cyber attacks were reported to the police
- 49% of businesses said the biggest damage to a cyber attach was the interruption to business
- 11% of businesses affected by a cyber attack suffered a financial loss
- 68% of members were unaware of Action Fraud Aware.
Action Fraud Aware is the UK’s national reporting centre for fraud and internet crime. Anyone who has experienced any aspect of cyber crime (fraud, scams, etc) should report this to Action Fraud Aware. Cyber attacks come in many guises and their impact can be far reaching.
Professor Richard Benham
Professor Benham outlined four key trends that he believes will become ever more important over the coming years – with significant impact for British businesses.
Cyber in the boardroom
Growing awareness in the boardroom. Cyber is now a board level issue affecting not just the IT department but all areas of a business (operational and reputation). Businesses and organisations need to have a strategic risk contingency plan in place.
Cyber education
There is an increase need for cyber education (at all levels) to help businesses and organisations protect themselves (particularly from social engineered attacks, staff negligence or malicious insider attacks).
The cloud
The significant increase in cloud-based solution providers. Most offer competitive pricing and allow data to be outsourced.
Cyber insurance
The introduction of a visible UK cyber insurance marketplace with standalone policies.
Office for National Statistics
The Office for National Statistics issued figures for the year end (June 2015) that make disturbing reading:
- 2,460,000 computer misuses recorded in the UK
- 404,000 cases were in relation to unauthorised access to personal information (including hacking)
- 2,057,000 computer viruses reported.
The real figure is undoubtedly higher as these were just reported instances.
The Office for National Statistics has voiced its concern over the increasing levels of cyber crime and have commissioned a new cyber crime field study. This field study took place in October and the findings are due for release shortly.
National Security Strategy
The National Security Strategy in 2010 identified cyber as a Tier 1 threat to the United Kingdom (between 2011 and 2016) and ploughed £860 million of Government funds into providing a cybersecurity strategy. The objectives within this strategy were:
- To make the UK one of the most security places in the world to do business in cyberspace
- To make the UK more resilient to a cyber attack and better able to protect our interests in cyberspace
- To help shape an open, vibrant and stable cyberspace that supports open societies
- To build the UK’s cyber security knowledge, skills and capability.
Attached is the UK Cyber Security Strategy 2011-2016 final report.
Cyber remains a Tier 1 threat to the United Kingdom both economically and on national security level.
The government will further invest £1.9 billion over the next 5 years into cyber security.
Conclusion
TU Marketing strongly recommend any business or organisation using the internet to consider safeguarding their own and their customer information. We urge directors and IT Managers to ensure Cybersecurity is discussed, contingencies be put in place and constantly reviewed.
TU Marketing suggests any business or organisation to:
- Conduct a data audit to classify important sensitive data
- Ensure their cloud and IT providers demonstrate security protocols and disaster recovery plans
- Ensure all antivirus and spyware programs are installed and updated
- Implement a contingency plan for different scenarios and a mitigated plan for “what if your system is hacked or compromised”
- Produce a basic checklist for cyber security staff
- Consider a Cyber Insurance Policy.
We hope you found this topic of interest, we will be producing further blogs on cybersecurity.