Cyber Attacks

A cyber attack can be massively detrimental to a business. Depending on the type of cyber attack, your business may be on lock-down or temporarily unable to trade due to systems being inaccessible. Your resources, such as IT, will be entirely focussed on resolving the issue and getting the company up and running again. It’s not just IT-related however, with around 75% of the UK having a social media account of one form or another, complaints often arrive in droves meaning customer support teams are working hard at fighting fires and trying to please customers.

It can also have a negative effect on the brand’s image – personal information is often compromised in a cyber attack, and lack of trust in a brand is a key reason why loyal customers change suppliers.

A cyber attack on a business can also have a negative effect on its finances. The UK Government published a report this year on cyber security breaches stating that the average cost to a business across all breaches was £1,230 and the average cost to a business across breaches with an outcome was £3,100.

With the recent introduction of General Data Protection Regulation (GDPR), legislation that limits how personal data can be processed and stored, an organisation can face penalties for a data breach. After a cyber-attack, the Information Commissioner’s Office (ICO) can conduct an investigation into the incident, and if found negligent, the organisation can be fined up to 4% of global turnover or €20M; whichever is highest.

The UK Government has increased support for businesses by providing information about basic cyber security, free online training and a link to what you should do if you have been a victim of cyber crime or online fraud. The page can be viewed here.

They have also introduced a Cyber Skills Immediate Impact Fund (CSIIF) pilot. The UK Government introduced this pilot in February 2018 with the objective of increasing the number of those working in the UK’s growing cyber security sector. The funding was available to an array of organisations and in late summer 2018, the CSIIF will be opened again for more organisations to bid for funding.

In 2017, Hampshire Constabulary and Gloucester Constabulary launched an Operational Cyber Specials and Volunteers team trial, which consisted of 15 members. The team was comprised of volunteer industry experts and was established to help the police forces with their investigations. The trial was a success and similar schemes, involving both regular officers and volunteers are being investigated in other forces across the UK.

The National Cyber Security Centre has a lot of help and guidance on how organisations can protect themselves in cyber space here.

With their 10 preventative steps being:

• Set up your risk management regime –  assess the risks to your organisation’s information and systems
• Network security – protect your networks from attack
• User education and awareness – produce user security policies
• Malware prevention – establish anti-malware defences
• Removable media controls – control all access to removable media
• Secure configuration – ensure the secure configuration of all systems is maintained
• Managing user privileges – establish effective management processes
• Incident management – establish an incident response and disaster recovery capability
• Monitoring – establish a monitoring strategy and produce supporting policies
• Home and mobile working – develop a mobile working policy