UK businesses saw a 22% increase in cybercrime in the past year alone – resulting in more than £1 billion in losses – according to figures released by Get Safe Online and Action Fraud. Cyber security is one of the top concerns for organisations today.
Growing dependency on the internet are trends such as the Internet of Things are changing how companies do business and widening the area of opportunity for attack.
Yet there’s still a significant proportion of businesses that are not facing up to this threat. In Advanced’s recent Trends Survey of over 1000 business professionals, 26% admitted they were woefully unprepared for a cyber attack.
The consequences for firms that fail to implement robust cyber security measures are stark – ranging from severe operational disruption to financial losses, redundancies or even bankruptcy.
This is echoed by recent high-profile attacks that show organisations are not detecting attacks quickly enough, are slow to respond to them, and do not understand the impact of an attack on their business once it is underway.
What’s more, the ways in which cybercriminals attack is growing ever more sophisticated. Mandate fraud, where fraudsters trick employees into changing a direct debit or standing order by pretending to be a supplier, is becoming an increasingly worrying issue for UK businesses.
Other types of cyber fraud that have increased dramatically over the last year include CEO fraud, phishing, extortion, vishing (telephone scams) and smishing (SMS messaging scams).
While rigorous IT security controls are critical, it is vital for all businesses to provide their staff with the right tools and training to be able to identify signs of suspicious activity.
A firm’s cyber security measures cannot simply rely on the expertise of a skilled IT team. Knowledge about best practice must be widespread across an organisation.
Employees are a company’s first line of defence, yet while people know to look out for cyber threats in their private lives, and are quite savvy about how to avoid them, they often leave their companies’ wide open to attack.
New government research shows nearly two-thirds of large UK businesses have suffered a cyber attack, yet only 17% of UK firms have trained staff in this area over the past year.
Consequently, many use the same password for different work applications, or write them down, making their accounts vulnerable to hacking or work while connected to public Wi-Fi networks and access social media sites on their work PCs. Encourage staff to stop and think before clicking through on emails and to never disclose passwords.
While the government has greatly increased its cybercrime budget, it is down to organisations to take control of their own cyber security. They need to create a culture of security that is led at all levels and backed up with robust policies that reduce and detect risks early.
A good internal culture will also make the management of data easier, will carry on through to all interactions with external relationships, and hopefully will encourage clients to be more security conscious too.
Sourced from Jon Wrennall, CTO, Advanced