In 2019, pretty much all businesses are online, always connected, in an environment that can be easily exploited because of a lack of security and oversight of cyber threats.
Facing a changing regulatory landscape designed to heighten responsibility for data privacy with the introduction of the GDPR in May 2018, many companies need to reassess their cybersecurity positioning.
Massive cybersecurity breaches have become commonplace, from Facebook to British Airways to the NHS, all regularly grabbing national headlines.
But for all of the attention generated by these incidents, many organisations still struggle to comprehend and manage the risks of a cyber attack and fail to prepare adequately.
In the UK’s financial sector there has been a sharp rise in the number of cyber-incidents: the Financial Conduct Authority has revealed that the number of declared events rose from 69 in 2017 to 819 in 2018, a rise of more than 1,000%.
Small businesses in the UK are the target of an estimated 65,000 attempted cyber-attacks every day, according to new figures from a study by Hiscox, a specialist insurer, with almost one in three (30%) of UK small businesses suffering a cyber breach – equivalent to over 4,500 successful attacks per day or one every 19 seconds.
The Cyber Security Breaches Survey is a survey of UK businesses that helps organisations to understand the nature and significance of cybersecurity threats they face, and what others are doing to stay secure. It also supports the Government to shape future policy in this area.
- Over four in ten businesses (43%) experienced a cybersecurity breach or attack in the last 12 months.
The finance sector regulator, the FCA, has recorded a ten-fold increase in cyber-crime incidents year-on-year. According to a recent report conducted by Hiscox, there has been a sharp increase in the number of cyber-attacks, with more than 60% of firms having reported one or more attacks, up from 45% in 2018.
The most common types of breaches were related to staff receiving fraudulent emails (in 72% of cases). The next most common breach related to viruses, spyware and malware (33%), people impersonating the organisation in emails or online (27%) and ransomware (17%).
Attackers know that smaller businesses will have less money and fewer resources to spend on IT, and by targeting them they can bypass security to attack a business’s assets.
The majority of cyber-attacks are automated and indiscriminate, exploiting known vulnerabilities within commonly used IT systems that smaller firms are less resilient to.
Accountants and cybersecurity
Accountants and other financial institutions are particularly attractive to cyber criminals. In fact, PwC estimate that financial institutions are over 30% more likely to be targeted than other companies. Cybersecurity continues to threaten profit, data privacy, and a business's reputation, which is particularly important within the sector.
Many financial institutions have legacy systems and processes that can make adopting new and safer technology difficult, even as new technology ramps up user expectations. But many firms struggle to make progress on their digital journey.
So what makes accounting and finance firms such an attractive target for cyberattacks?
- They hold sensitive client and financial information
- Handle significant funds
- Undertake commercial and business transactions
- Deal with high-value commercial data
- Data is a lucrative
There have been a number of targeted attacks against the industry: Deloitte, one of the world's biggest accountancy firms, was hit by a cyber attack, The Guardian revealed.
In the past, the main risks of data breaches were from the loss or theft of data held in hard copy or on devices. However, now that data is stored in many different electronic formats and methods, the risks have evolved.
According to the Cyber Security Breaches Survey 2019, 78% now see cyber security as a high priority. However, only 15% of small businesses have a formal cyber incident management process.
According to the Business Population Estimates conducted by the UK Government, almost half (43%) of British SMBs admit to having no business continuity, disaster recovery or crisis management plans in place, despite almost the same number of UK businesses (46%) suffering at least one cyber security breach or attack. They are clearly not prepared to manage the consequences of an attack.
A KPMG survey suggests that only 23% of small businesses prioritise cybersecurity as a top concern.
For SMBs, the UK Government is helping by providing a range of standards and guidelines, the most useful of which is Cyber Essentials.
What is Cyber Essentials?
Cyber Essentials is the UK Government-backed scheme, administered through the National Cyber Security Centre (NCSC), that aims to show organisations how to protect themselves and prevent the most common cyber attacks.
The NCSC claims Cyber Essentials can help eliminate the risk of 80% of cyber attacks, and the standard provides simple but effective guidelines that protect organisations against cyber attacks.
The primary aim of this scheme is to motivate organisations to adopt the best practices in their information security strategy. Once fully implemented, it provides organisations with basic protection against the most common cyber threats.
Organisations that need to take their cybersecurity to a higher level can go for Cyber Essentials Plus certification.
Three reasons to get your Cyber Essentials certification
1. The consequences of a breach
The direct costs of a cyber-attack can be extremely high, but they actually underestimate the real expense of an attack.
Cyber-related costs typically include ransoms paid, hardware and software systems replaced, the impact of losing customers and the expense of trying to attract future business and repair the reputational damage, all of which can be difficult to cover for a small business.
Plus, with the introduction of the GDPR in May 2018, businesses potentially face regulatory fines as a consequence of a cyber-attack.
Under the EU’s new rules with GDPR, all European citizens have the right to know how their personal data is being used and why it’s being processed, and the right to access and correct it, restrict further processing of it and ask that all their data be erased or passed on to another party.
2. Sophisticated hackers
The internet opens the door to huge opportunities and rewards, but also lowers the technical barriers to entry for criminals to undertake cyber-attacks.
An attack on your business can also take place remotely, on third-party systems that hold your data, on hardware stolen from your premises or by your staff sharing confidential information accidentally or for financial gain.
The commercialisation of cybercrime has made it easy to obtain the tools needed to launch a cyber-attack. More often than not, hackers, like any criminal, know that if they keep on trying, eventually they will breach your defences and gain access to your systems and applications.
3. It shows that you take cybersecurity seriously
Becoming Cyber Essentials certified can help you establish the trust of clients and partners. It shows that you have made a promise to take your cybersecurity responsibilities seriously, protecting stakeholder assets and having legal and compliance processes in place.
The rise in awareness of the consequences of a cyber-attack has seen an increased demand for evidence that your business takes its responsibilities seriously and invests in protecting data and information.
Once you are certified, you will be able to display a Cyber Essentials certification and be listed on the Directory of organisations awarded Cyber Essentials.
How can Worktools help?
The Worktools Cybersecurity managed service plans utilise the latest in advanced cybersecurity technology. Monitored from our Security Operations Centre, they offer sophisticated protection for your business from all known types of cyber threats.
Let us help you look after your data, your reputation and legal compliance.
Worktools will undertake an initial security assessment and implement an appropriate plan that ensures your employees, internal data and guest data are secure, both locally and through remote access. We can also help create your cybersecurity response plan so your employees know what to do in response to an incident.