In today’s modern connected world cyber security matters and is vital for protecting our crucial infrastructure. The threat of cyber-attacks is now a worldwide concern, as high-profile breaches create fear that cybercrime could endanger the global economy.
Looking to the future as networks continue to expand and connectivity increases, the importance of cyber security has never been so relevant as we all seek to protect ourselves and our data from the threat of being exploited.
Back in 2012 FBI Director Robert Mueller was highlighting why cyber security is important and the inevitability of cybercrime: “There are only two types of companies; those who have been hacked and those who will be.”
However, what can organisations do to ready themselves against cyber threats? What zero trust specialist assistance is available to minimise and mitigate cyber risk? How can organisations recover quickly from an attack?
Cyber security is everyone’s concern
Here are the key findings from a recent study by the UK government on cyber security (Cyber Security Breaches Survey 2018):
- More than four out of ten organisations (43 per cent) and two out of ten charities (19 per cent) suffered a cyber security breach or attack in the last 12 months
- 74 per cent and over half of all charities claimed that cyber security is of high importance for their organisation’s board
- Nevertheless, only three out of ten companies (27 per cent) have instated cyber security policies
What is cyber security?
Cyber security has received many definitions over the years, however as a continually evolving area of security so does the scope of what cyber security entails.
Cyber security is principally the approach and actions related to security risk management processes followed by organisations. All those who operate within cyber security look to protect the privacy, integrity and availability of data and assets.
The concept of cyber security includes policies, procedures and safeguarding measures, as well as technology and training to deliver the most comprehensive level of protection for the environment and its users.
What is the real impact of a data breach?
The average cost of a breach (Cyber Security Breaches Survey 2018)
- £22,300 – Large business
- £2,310 – Small to Medium Enterprises (SMEs)
Financial and reputation damage – Cybercrime can disrupt and damage an organisation financially as well as harming their reputation.
Data loss – By suffering a breach, an organisation could face losing critical data and business assets.
Remediation – There is also the cost of remediating the problems caused by the attack and stopping further attacks.
Legal impact – If the company is found to be liable for the attack, by not putting in place appropriate cyber defences, then they could face regulatory fines and litigation.
Why cyber security matters for small and medium business?
A surprising 45 per cent of SMEs wrongly do not believe they are a target for cybercrime.
Regardless of the business size or status, cyber security should be of board /director level importance, and that message disseminates throughout the organisation.
Where data and assets reside in computer networks businesses will continue to be the target of criminals.
Therefore, small and medium enterprises like the larger corporate organisations must protect their information at all times.
What are the most common cyber-security threats?
Any organisation with an internet presence are at plausible risk of a cyber attack. Moreover, as FBI Director Robert Mueller highlighted in 2012, it is not a matter of if you will be attacked, but when.
With the threat of cyber security so real and prominent it is vital that organisations realise their risks and learn how to mitigate them.
An overview of cyber-attacks
- A cyber-attack occurs when cybercriminals try to overthrow or successfully destroy an IT network
- A cyber attack is an offensive tactic that targets both organisational IT systems as well as personal computer devices
- Cyber attackers come in a variety of forms from nation-sponsored hackers through to lone wolf individuals, to groups and societies
- Often cybercriminals remain anonymous
- The criminals use malicious code and software to infiltrate IT systems to steal information and data which they will then sell or use to blackmail their victims
In the vast majority of cybercrime cases attacks are randomly automated. The criminals look to exploit known vulnerabilities rather than targeting specific organisations.
The reality is your organisation could be suffering a breach right now, and you might not even be aware.
There are two main categories of cybercrime; they derive from breaches of data security and sabotage:
Data security breaches
- Theft of personal data
- Intellectual property (IP)
- Trade secrets
Sabotage attacks
- Attack of a service
- Disable systems and infrastructure
Latest threat news to be aware of:
Malicious scans are present in WordPress plugins – Cybercriminals are scanning WordPress websites using vulnerable versions of popular plugins that could give them access to overthrow websites and servers. (ZDNet)
New malware – Kronos or “father of Zeus” is a destructive banking malware found in malicious email campaigns. It was first detected in 2014 and has made a reappearance in 2018 by exploiting a vulnerability found in the Microsoft Office application. (ZDNet)
Phishing – A recent report on phishing cites that one in every one hundred emails is now part of a phishing hacking bid. (FireEye)
Ransomware – Ransomware occurs when hackers use malicious software to threaten and publish the victim’s data or continually block access to it unless they pay a ransom
An example of targeted attacks of this kind includes the infamous May 2017 WannaCry ransomware attack. During the four days, the WannaCry attack affected more than 200,000 victims, and 300,000 computers were infected.
