Cybersecurity continues to be a top priority among CEOs, regardless of their industry. That’s because the number of cyberattacks is increasing every year with hackers attempting to break into a computer “every 39 seconds on average.”
Looking ahead, 2020 promises to be the year when a number of cybersecurity trends converge. The global rollout of 5G wireless technology, combined with the expansion of the IoT, means that more and more vulnerable devices will be connected to the internet, each a potential target for hackers.
Plus, the tech talent crisis will continue to affect the data privacy and cybersecurity sector disproportionately because the number of job openings is increasing faster than the supply of these specialists.
Reacting to the security threats
The 5 most cyber-attacked industries in 2016 (healthcare, manufacturing, financial services, government, and transportation) have remained largely the same, although the rank order has been changing. Fast forward to 2019 and most industries have gone “Hi-Tech”, and they all need to scale up their approach to cybersecurity.
UK businesses continue to face unprecedented technology changes, the consequences of which are mounting IT security challenges as they rely more and more on technology to carry out business.
Plus, the use of mobile devices in the workplace, an increase in remote working, and the proliferation of cloud services have exacerbated an already high level of cybersecurity threats.
And, at the same time, companies have become far more vulnerable to cyber-attacks because they have failed to adequately educate employees, address IT security weaknesses and employ suitable IT infrastructures to protect data and the IT network.
Small businesses (SMBs)
Nearly half of all cyberattacks are committed against small businesses, and the percentage is expected to continue rising.
SMBs in the UK are the target of an estimated 65,000 attempted cyber-attacks every day, according to figures from a study from Hiscox, a specialist insurer.
The majority (66%) of those SMBs that suffered an attack admit to making no changes to their policies or systems subsequent to a breach. This is perhaps one of the key reasons why over half (56%) of those who’ve suffered a breach are the victims of multiple attacks.
For cyber criminals, cybercrime offers high returns for low risk: they target smaller organisations that are likely to have invested less and have fewer resources to spare on defending their business from a cyber-attack.
The majority of these attacks are automated and indiscriminate, exploiting known vulnerabilities in IT systems and human fallibility. Plus, the commercialisation of cybercrime has made it easy to obtain the resources needed to launch a cyber-attack.
An attack on your business can also take place remotely, on third-party systems that hold your data, on hardware stolen from your premises, or through your staff sharing confidential information by mistake or for financial gain.
Hackers are increasingly targeting subsidiaries, which may employ less stringent cybersecurity measures, as an easier target than trying to directly breach the defences of a larger parent company.
If a subsidiary suffers an attack, hackers will look to use the breach to access the parent company with severe consequences if sensitive data is stolen or business applications locked and ransoms demanded.
One of the most common ways for a business to be hacked or breached is through attempts to steal an employee’s password in order to log into a secure system and steal that person’s identity.
We now live such connected lives, accessing business applications at the same time as we catch up on social media, that it can become a chore to continually come up with difficult passwords. With a low perception of risk, workers would rather take a shortcut to complete a task, using an easy password or the same password across different systems.
Plus, more of us are working remotely or have jobs where we are on the move, which can mean that it is tempting to put productivity before security.
So, look at introducing a mandatory company policy of complex, unique passwords that avoid common phrases or an employee’s name, for example. You could also encourage employees to use password manager applications, which generate and securely store random passwords that are harder for cybercriminals to crack.
IT departments should also regularly run audits to identify common passwords and provide best practices to follow.
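As an added illustration (not code from the original article), the policy and audit described above could be sketched in Python as follows. The deny-list, the 12-character minimum, the character-class rule and all function names are assumptions made for the example, which models an audit run inside a password manager where the user's own entries are available.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample deny-list; a real audit would load a much larger one.
COMMON_PHRASES = {"password", "letmein", "qwerty", "welcome", "123456"}
LEET = str.maketrans("@4013$5!", "aaolessi")  # undo "P@ssw0rd"-style substitutions
MIN_LENGTH = 12  # assumed policy value, not taken from the article

def policy_violations(password, full_name):
    """Return the policy rules this password breaks (empty list = acceptable)."""
    problems = []
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    if sum(any(test(c) for c in password) for test in classes) < 3:
        problems.append("too few character classes")
    if any(p in lowered or p in normalised for p in COMMON_PHRASES):
        problems.append("common phrase")
    name_parts = [n for n in full_name.lower().split() if len(n) >= 3]
    if any(n in lowered or n in normalised for n in name_parts):
        problems.append("contains employee name")
    return problems

def audit_vault(full_name, entries):
    """entries maps system name -> password; returns system -> list of findings."""
    by_password = defaultdict(list)
    for system, password in entries.items():
        by_password[password].append(system)
    report = {}
    for system, password in entries.items():
        problems = policy_violations(password, full_name)
        others = [s for s in by_password[password] if s != system]
        if others:  # same password used on more than one system
            problems.append("reused on " + ", ".join(sorted(others)))
        if problems:
            report[system] = problems
    return report

def generate_password(length=20):
    """Random password from the OS CSPRNG, re-drawn until it passes the policy."""
    alphabet = string.ascii_letters + string.digits + "-_.!#%"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, ""):
            return candidate
```

Systems with no findings are left out of the report, so an empty result means every entry passed.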
Ransomware continues to be the biggest malware threat.
Ransomware is a type of malware that prevents the victim from accessing files or data on their computer or network until a ransom has been paid.
High-profile cyber crime incidents such as WannaCry in May 2017, which affected 200,000 computers in 24 hours, highlight the indiscriminate nature of such attacks.
Email is the most common route for ransomware to access your system. A recent study estimated that 80-90% of ransomware attacks come via email, so make sure everyone is vigilant when opening emails and attachments.
By keeping your antivirus systems and your software applications up to date, you greatly reduce the risk of malware infection.
It is equally important to carefully control what software and applications you choose to allow into your firm, making sure that there is support in place for patching any security vulnerabilities that are flagged up.
Make sure your firm has a formal cybersecurity strategy and incident response plan in place and back up your most important data on a separate secure network or device, to be able to easily restore access to your files.
Making plans to boost cybersecurity
The rise in awareness of the impact of a cyber attack, and of the financial and reputational consequences of data breaches, has seen an increased demand for evidence that your business takes its responsibilities seriously and invests in cyber protection.
Cyber Essentials is an increasingly important certification to achieve for businesses and organisations of all sizes in the UK.
Cyber Essentials reassures customers that you are working to secure your IT and their data against cyberattacks.
For smaller businesses with little or no IT support or expertise, it provides a basic first step towards cybersecurity and can help build a relationship with a trusted IT supplier.
What is Cyber Essentials?
Cyber Essentials is a UK Government-backed scheme administered through the National Cyber Security Centre (NCSC) to show organisations how to protect themselves and prevent the most common cyber attacks.
The NCSC claims Cyber Essentials can help eliminate the risk of 80% of cyber attacks. The Government and industry have worked together on this scheme to ensure UK organisations with limited experience of cybersecurity are able to improve their defences.
The Cyber Essentials scheme addresses the most common Internet-based threats to cybersecurity and considers these threats to be:
- Phishing — and other ways of using email to trick users into installing or executing a malicious application
- Password guessing
The Cyber Essentials scheme is not covered by binding regulation; instead, it offers organisations and businesses a means to demonstrate their commitment towards addressing cybersecurity by achieving an accredited and registered certification standard.
Organisations that need to take their cybersecurity to a higher level can go for Cyber Essentials Plus certification.
Cyber Essentials is just one step of the journey towards securing your organisation against cyber attacks. As an outside provider, Worktools can do initial security assessments and ensure that everything is secure, both locally and through remote access.
We can also help create your cybersecurity plan so you know how to prepare for and, if necessary, respond to an incident.