How to protect your business against cyber attacks
Feature

Lisa Ventura, founder and CEO of the UK Cyber Security Association, looks at how cyber attacks impact businesses and SMEs, how sophisticated they are and what can be done to prevent them

According to a recent study undertaken by Barclays Bank, the average cost of a cyber attack is more than £1,000, and 29 per cent of cyber attacks and attempts against small businesses and SMEs are successful. What’s more, 10.6 per cent of those who took part in the study revealed that they had been victims of a cyber attack, and 8.58 per cent of these had to make staff redundant to cover the cost of what happened to them. With 43 per cent of all cyber attacks and hacking attempts being against small businesses and SMEs, this is an area that is fast becoming one that can no longer be ignored.

A cyber attack is any criminal act against computers and networks and is often called hacking. It can also cover more traditional crimes conducted through the internet. Some common types of cyber attacks against businesses include computer system attacks, malware, ransomware, business identity theft, phishing, web-based and denial of service (DDoS) attacks. These kinds of attacks have the potential to inflict enormous damage on growing businesses, especially those that operate on small margins. However, many small businesses and SMEs do not have this as one of their main priorities, with other areas such as HR, accounts and investor pitching often taking precedence.

With cyber attacks continuing to increase at an alarming rate and evolve beyond disruption towards specific objectives such as targeted data theft, they are now becoming more and more sophisticated. As such, traditional approaches to cyber security are fast becoming ineffective. Perimeter-based security, detecting and blocking what comes in and out of the environment, is no longer adequate in stopping cyber attacks. 2018 is fast becoming the year in which CEOs can no longer ignore the growing cyber threat. Cyber security and the prevention of cyber attacks are now everyone’s responsibility.

Securing your business from cyber attacks
Regardless of what industry your business operates in or the size of your business, there are some simple steps you can take to help safeguard against potential cyber attacks.

Ensure your systems are up to date at all times - while there are many valid reasons why small businesses and SMEs struggle to keep their systems up to date, including the cost of doing this, ensuring you are running the latest version of Windows, Mac OS and other software is crucial. By updating your systems on a regular basis major issues are often fixed, and you are less likely to be compromised by a cyber attack.

Back up, back up, back up and back up again - while in the past backing up company data was a laborious process, cloud storage solutions today are affordable, simple and fast. There are huge benefits to storing your data on the cloud, and while there is still a small risk that these can be compromised, your data will be protected against certain types of cyber attacks such as ransomware. It is vital you take complete backups of your company files and data on a regular basis.

Knowledge is key: Educate your staff – the more training and awareness that your staff have of cyber fraud, the better equipped they will be to safeguard against potential attacks. With small businesses and SMEs being more reliant and dependent on the internet than ever before, it is vital that you train all your staff to be cyber aware at a minimum.

Conduct regular risk assessments – while there is much you can do to help protect your systems and business from cyber fraud internally, having regular risk assessments undertaken by a professional may highlight any areas that may have been overlooked. Cyber Essentials is a great place to start for this.

Introduce a password policy – insecure passwords can often be an organisation’s weakest link, so review these regularly. Introduce a password policy that forces your employees to change their passwords frequently.

How is the cyber security industry developing its skill set to combat this growing threat?
Despite the cyber skills gap that exists today, the UK government and many leading organisations are working together to ensure the next generation of security professionals have the skills and expertise to stay one step ahead of hackers. Since the UK Cyber Security strategy was rolled out in 2011, several measures and organisations have been developed and launched to help combat the growing cyber threat. These include:

The launch of the National Cyber Security Centre – in response to the ever-growing threat of cyber attacks, the UK government in conjunction with GCHQ launched the National Cyber Security Centre. Based in London, the centre aims to be at the forefront of the cyber security industry by providing relevant, timely and up to the minute responses to the latest malware, ransomware and other sophisticated cyber attacks.

Training neurodiverse individuals for a career in cyber security – studies have shown that neurodiverse adults, such as those who are on the autistic spectrum, are well suited to a career in cyber security. In Worcester, Dr Emma Philpott has set up a Community Cyber Security Operations Centre (SOC) which is being used as a training centre for neurodiverse individuals in cyber security. It also operates services to protect vulnerable adults who are commonly targeted by cyber criminals. By tapping into the neurodiverse community the cyber skills gap can be addressed and opportunities given to these individuals to have a meaningful career that they wouldn’t have otherwise had.

Getting young people interested in cyber security and programming – the key to developing the cyber security professionals of the future is to get them interested in cyber security while at school, and to help with this the Cyber Security Challenge was born. The Cyber Security Challenge UK is a set of learning programmes, networking events and competitions that run all over the UK which are designed to identify leading cyber security talent and to encourage young people to be more cyber aware and consider becoming cyber security professionals. Through this medium the next generation of cyber security talent can be found, nurtured and developed.

Ensure the cyber security supply chain is protected – everyone has a smartphone, tablet or computer and the components used to make these are very similar. As other devices are developed and made it is essential that the security practices, operations and methods that supply chains use are audited and reviewed regularly. Cyber Essentials is a great way to show that your organisation takes cyber security seriously, and having this accreditation can open doors for companies to trade with the government, councils and the MOD.

Training, education and cyber awareness - the growing cyber threat cannot be combated without raising awareness of the seriousness of cyber security. It is critical that this is done without hype but also with the aim of ensuring that cyber security is everyone’s responsibility. Everyone should have access to tools that will help them to protect their homes and companies but, most importantly of all, to protect themselves against potential cyber attacks. Educating the general public about cyber attacks will help awareness about the growing cyber threat cascade into offices, schools, further education establishments and even further afield.

The development of a cyber workforce that is strong and robust – if cyber security is to be at the heart of education it should be heavily promoted via science, technology, engineering and mathematics (STEM) subjects to ensure that those with a strong interest in cyber security can develop and utilise their skills to enter a career in the cyber security industry. Utilising the strong talent that exists in hacker communities should be a top priority.

Final thoughts
The growing threat from cyber attacks is not going to disappear any time soon; therefore small businesses and SMEs need to embrace this and ensure they are as prepared as they can be against cyber attacks. With a few simple steps and training, you can successfully protect your business against cyber fraud.

The UK Cyber Security Association (UKCSA) is a new membership organisation responsible for providing centralised contact for resources within the cyber security industry across the UK. It exists to support individuals and companies within the industry and works towards a specific set of objectives to promote the importance of cyber security for businesses and individuals.

Lisa Ventura is the Founder and CEO of the UK Cyber Security Association, a membership association that is solely dedicated to individuals and companies who actively work in cyber security in the UK. She has over 10 years’ experience in the cyber security industry and is passionate about raising awareness of being more cyber aware in business to help prevent cyber attacks and cyber fraud.