Eight cyber threats your business could be facing
The statistics do not match the rhetoric when it comes to cybersecurity and too many organisations are still talking a good game instead of actually implementing robust processes and procedures.
The government is keen to protect the economy and minimise the disruption that cyber criminals wreak on UK business. But research from the Department for Digital, Culture, Media & Sport shows there is still a lot of work to do.
Its Cyber Security Breaches Survey 2018 found that while 74pc of businesses say cybersecurity is a high priority, only 27pc have formal cybersecurity policies in place. Only 30pc of businesses have a board member with responsibility for cybersecurity and just 20pc have put staff through cybersecurity training in the last 12 months.
In the last year, 43pc of companies experienced a cybersecurity breach or attack. Where these incidents resulted in a loss of assets or data, the mean cost for small and micro businesses was £2,310, rising to £22,300 for large businesses.
When examining the most common cybersecurity threats, virtually all of them fall under one of the following three categories: human behaviour/error, IT, or third-party relationships.
Human behaviour/error is the most frequent enabler of cybersecurity breaches, creating a weak spot for criminals to exploit. Whether clicking on an unsolicited link or failing to safeguard passwords, people are the root cause of many successful attacks. Companies could repel the vast majority of cyber scams by creating a robust digital safety culture within their organisation.
Similarly, technology-based solutions can lock out criminals. Immediately rescinding the access of employees leaving the organisation stops them causing problems once they have gone. Immediately installing software patches and upgrades will ensure the latest security is in place. All too often, it is out-of-date software that gives criminals the access they need.
The final category is third parties. If they have access to your systems, but you do not have a robust cybersecurity culture in place, then your own efforts are undermined.
The most common individual cyber threats facing businesses are:
Malicious links distributed via email
Regular and robust training will improve employee behaviours and prevent them from opening unsolicited emails and clicking on links they are not expecting.
Poorly guarded usernames and passwords
Offering guidance on username and password generation will prevent employees using the same login details on multiple devices and make them more aware of how to protect these details effectively.
Inconsistent adherence to IT and data policies
Ongoing and consistent training will make sure employees know what is expected of them. This learning should be tested regularly.
Malware gaining access via personal devices
The lines between our personal and professional lives have become increasingly blurred. Training should reflect this, seeking to improve behaviours in every aspect of employees’ digital lives and not just focusing on the IT used at work.
Social media malware
Companies may prohibit access to personal social media accounts, but an increasing number of companies now have corporate accounts and developing this online presence is becoming more important for a wider spectrum of businesses. Companies must develop/recruit the requisite skills to manage, maintain and operate these accounts.
Data on stolen devices
Is the data encrypted? Is the device password protected? Phones get lost and laptops get left on trains, but reminding employees of their responsibilities when using company equipment and ensuring the appropriate IT security is in place will go a long way to preventing problems.
Installing patches and software upgrades as soon as they are available must be a priority for every employee. Cybersecurity should also be a primary concern in any dealings with third-party software and IT service providers.
Former employees retaining access to systems
Standard procedure must ensure permissions are rescinded as soon as an employee stops working with the company.
Cyber risks are growing in number and sophistication, but so too are the tools available to mitigate and manage these threats.
Insurers can provide a wealth of risk management information to help companies create the right cybersecurity culture and implement robust safeguards. A tailored insurance policy will then provide the financial protection required for the specific exposures that remain.
Cybersecurity | Biggest claims by frequency and severity
- Ransomware is by far the most frequent cause of insurance claims. What is most worrying about these attacks is that they are non-discriminatory, non-targeted and affect a very broad base of companies.
- The largest claims by value come from system outages and the subsequent losses from business interruption, increased cost of working, and recovery costs.