The ins and outs of Cyber Attacks and how to deal with them

Cyber attacks often feel like something that happens to other organisations. Attacks pop up in news stories and sometimes make the headlines, but the severity of their impact isn’t always understood.

Why should we worry?

Cyber attacks are a big deal. An attacker who can break into any part of your digital systems and processes could be catastrophic for your organisation. Personal data belonging to employees, suppliers and customers could be exploited, and confidential information and data relating to your organisation could be stolen and used for ransom, sabotage and extortion. Quite simply, a cyber attack could ruin your organisation and the lives of many people associated with you.

High profile attacks

Early last month, a serious hack took place via MOVEit software. The hack was first disclosed when US company Progress Software said hackers had found a way to break into its MOVEit Transfer tool. MOVEit is software designed to move sensitive files securely and is popular around the world, with most of its customers in the US. However, this mass hack also affected companies in the UK including the BBC, BA, Boots and Aer Lingus. The hack could include the theft of personal staff details including staff ID numbers, dates of birth, home addresses and national insurance numbers.

The UK's National Cyber Security Centre said it was monitoring the situation and urged organisations using the compromised software to carry out security updates.

 

Inadvertent data sharing

Also last month, The Guardian revealed that a number of large UK mental health charities were using the Meta Pixel embedded in their websites. This enabled the browsing activity of users, such as button clicks and page views, to be revealed to Facebook. Although details of conversations sent via chat tools were not shared, details that users would usually expect to be private were. The information collected via the pixel can be matched to an IP address – an identifier that can usually be linked to an individual or household – and, in many cases, details of their Facebook account ID. Since the reveal, many of the charities have removed the pixel and have expressed their surprise that a tool they implemented to help run marketing campaigns was sharing so much private data. The ICO has begun an investigation.

The stats

In March 2022, the Government Department for Culture, Media and Sport revealed in its Cyber Security Breaches Survey that the number of cyber-attacks on businesses and charities was increasing. 31% of businesses and 26% of charities said they now experience cyber breaches or attacks at least once a week.

Further statistics from the Cyber Security Breaches Survey 2022 report revealed that although the frequency of cyber attacks is rising, the number of businesses that experienced an attack or breach remained the same as 2021 levels. Almost a third of charities (30 per cent) and two in five businesses (39 per cent) reported cyber security breaches or attacks in the last 12 months.

Following the report, Cyber Minister Julia Lopez said:

“It is vital that every organisation take cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk.

No matter how big or small your organisation is, you need to take steps to improve digital resilience now and follow the free government advice to help keep us all safe online.”

It seems the message is getting through. Four out of five senior managers (82 per cent) in UK businesses now see cyber security as a ‘very high’ or ‘fairly high’ priority, up from 77 per cent in 2021. This is a significant increase and the highest figure seen in any year of the cyber security breaches survey.

What can you do?

The most important thing is to ensure that cyber security remains a top priority across the organisation.

The Government have some useful guidance:

For small businesses

The Cyber Essentials scheme helps small businesses to protect against the most common cyber threats, such as phishing attacks, and the Small Business Guide helps you to improve cyber security practices.

Larger organisations

Should use the Board Toolkit to get company executives to act on cyber resilience.

Charities

Should follow the Small Charity Guide to boost cyber security operations.

How to recognise suppliers with the highest standards in information security management

ISO (the International Standards Organisation) sets out the highest standards for all sorts of processes, including IT and cyber security.

ISO 27001 is the world's best-known standard for information security management systems (ISMS). It defines the requirements an ISMS must meet based on the three principles of information security: confidentiality, information integrity and availability of data.

Organisations that conform with ISO 27001 have put in place a system to manage risks related to the security of data owned or handled by the company, and this system respects the best practices and principles enshrined in this International Standard.

We at Olamalu have recently completed our final audit and have been awarded the ISO 27001. We are proud to be among the earliest organisations to be certified to the very latest 2022 version. This means we are able to offer our customers even greater peace of mind knowing that we are accredited to the highest and most up-to-date standard.

If you want to find out more about the ISO 27001, visit www.iso.org

Want to know more about us? https://www.olamalu.com/what-we-do

July 2023