Cyber attacks, how real are they and what can you do to help secure your business?

All businesses rely on technology in some shape or form and since the pandemic, this has increased. During that time, many manual processes were turned digital, and have stayed that way. More information was shared digitally – both internally and with customers, and still is. Businesses used more social media than ever before, and still do. And of course, we all worked from home – and many of us have remained that way for at least some of the week. With an increased demand on digital technology for business, comes an increased need to protect our businesses from cyber-attacks.

The grim reality

According to research undertaken by The Department for Digital, Culture, Media and Sport in 2021, four in ten business and a quarter of all charities reported having cyber security breaches or attacks in the 12 months previous to the research taking place.

Most worrying is the frequency. Among those businesses who identified breaches or attacks, around a quarter experience them at least once a week. The most common form of attach is phishing (83% of business and 79% of charities) followed by impersonation.

What is phishing?

Put simply, phishing is when cyber attackers trick users into doing the wrong thing such as clicking a bad link that will download malware, or direct them to an unsafe website.

What is impersonation?

An impersonation attack is when a cybercriminal poses as a trusted contact and in the case of business, manipulates employees to transfer money, share sensitive data, provide information and more. This is done in a very subtle and sophisticated way and often starts with the cybercriminal gathering information from social media to build their activity. They take on a false persona and build a relationship with employees making it easier to ‘trick’ them after a period of time.

The impact

Among the 39 per cent of businesses and 26 per cent of charities that identifed breaches or attacks in the government research, one in five (21% and 18% respectively) end up losing money, data or other assets. One-third of businesses (35%) and four in ten charities (40%) report being negatively impacted regardless, for example because they require new post-breach measures, have staff time diverted or suffer wider business disruption.

Combative measures

Cyber security activity is not showing any signs of decreasing, but the government research shows that the impact of the attacks is. This may, in part due to more organisations implementing basic cyber security measures following the introduction of GDPR in 2018 as well as other trends such as the rising use of cloud storage and back-ups.

What can you do to minimise the impact of a cyber-attack?

There are 2 immediate things:

  1. Raise awareness and increase the profile of the risk of cyber-attacks in your organisation. Getting the message in front of the right people will help to make cyber security a priority for the long term. The government research found that three-quarters (77%) of businesses say cyber security is a high priority for their directors or senior managers, while seven in ten charities (68%) say this of their trustees. Half of businesses (50%) and four in ten charities (40%) update their senior management teams about the actions taken on cyber security at least quarterly.

  2. Undertake some robust assessments to ensure you doing the right things to protect your IT infrastructure. Cyber Essentials can really help and is something we’ve just undertaken as a business. It’s a government backed scheme that helps organisations of any size to protect their IT infrastructure against a whole range of the most common cyber-attacks by looking at 5 technical controls: firewalls, secure configuration, user access control, malware protection and security update management. There are two levels of certification: Cyber Essentials and Cyber Essentials Plus and both will help:

  • Give a clear picture of your organisation's cyber security level.

  • Deter attackers.

  • Reassure customers that you are undertaking necessary steps to secure your IT against a cyber-attack.

  • Attract new business with the reassurance that you have robust cyber security measures in place.

  • Enable you to take part in tenders for government contracts which require Cyber Essentials certification.

More information

To learn more about Cyber Essentials or to undertake an assessment, click here: www.ncsc.gov.uk

To read the full government research report that we reference in this article, click here: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021

June 2022