With cyber attacks becoming more and more common, is it time for businesses to develop their cyber security?
Throughout 2016, nearly half of all UK businesses suffered from a cyber-attack or a breach within their computer systems. With around 46% of all UK businesses reporting attacks, the figure has almost doubled from the 24% reported at the end of 2015.
The amount of cyber-attacks throughout 2017 is expected to see the figure rise once again as more prolific attacks make headlines across the country. Earlier in the year, the NHS was crippled by the WannaCry ransomware that infected over 300,000 computers across 150 countries. Many NHS hospitals and GP surgeries were forced to return to pen and paper after the attack affected key digital systems.
Adam Cave, Managing Director at Murray McIntosh commented on whether an increase in cyber security attacks has led to more businesses looking for cyber security professionals:
“To some extent we are seeing more businesses turning to us to find cyber security professionals. However, what we are seeing more frequently is new organisation offering innovative solutions in this space”
The NHS was once again hit by another cyber-attack more recently with Scotland’s third largest NHS trust once again being affected by malware. While the nature of the cyber-attack wasn’t confirmed, operations and appointments had to be cancelled. Alongside this, second hand technology store CeX suffered a data leak which saw two million customers’ details stolen including names, addresses, emails, phones numbers and a small number of encrypted credit card details.
Commenting on the need for cyber security reviews within companies, Terry Cave who has spent much of his career working throughout the industry said:
“All businesses need to take fundamental reviews of their security policies and the tools they use to combat potential breaches. Most if not all companies pay for year on year protection for Anti-Virus type offerings. The fact is none of these solutions will stop a predicated attack. There are over 300 thousand new variants of viruses being released daily and the sellers of these solutions must identify and write the appropriate solution. They have to wait for a successful breach before they can act and this can take a few days to address, in the meantime how many of their customers have experienced the new variant virus? One is too many”
With businesses becoming a common target of cyber-attacks, knowing how to keep your data secure from potential breaches has become a necessity. Hackers are constantly becoming more sophisticated and equipping themselves with more ways to breach firewalls, so businesses need to pre-emptively prepare themselves for an attack.
While cyber-attacks are on the rise, there are several basic methods that companies can practice to ensure that they do not leave themselves wide open to an attack. From ensuring your firewalls have the latest updates to updating and strength checking passwords regularly, businesses can help to keep their data safe.
Terry stressed the need for businesses to realise just how important it is to ensure they keep their data secure and suggested how businesses can identify vulnerabilities:
"The incoming GDPR legislation for breaches & loss of data are extremely prohibitive to all corporations, the fact they can be fined up to 5% of gross annual worldwide revenues should be a significant wakeup call to all. Penetration testing is inexpensive and will highlight potential holes in your security offerings, there are many reputable vendors out there who have a plethora of bright ‘white hackers’ in house who will basically attack your defenses under approved auspices, the end result being their ability to identify how they successfully breached the corporation’s defenses and therefore what measures are best suited for implementation to fill these holes."
Businesses may feel like a cyber-attack would never happen to them, but it’s that mentality that led to thousands of computers around the world becoming infected by the WannaCry virus. Being proactive and ensuring there is a company-wide understanding of the latest risks facing companies can help create a culture that has a keen eye for any phishing, malware or system hacking threats.
Educating employees to not immediately click on unexpected attachments and ensuring IT departments have effective measures to test them are steps in the right direction to developing a knowledge of cyber security which is unfortunately lacking in many businesses.