There is a recurring message in many of the surveys about cyber security. It’s broadly this: a high number of businesses say that cyber security is an important issue – but a low number report any evidence of actually doing something about it.
The latest Cyber Security Breach Survey 2017 illustrates this perfectly. IPSOS MORI interviewed 1,523 UK businesses. In 74% of cases the directors or senior management said that cyber security is a high priority but only 20% currently provide staff with cyber security training – and only 33% have any formal policies in place.
The fact that board level executives recognise the problem is positive – but a worrying number don’t seem to be taking any action. This might change after the recent global ransomware attacks but, if you are still struggling to convince your board, this blog is for you.
The blog is a preview for a new Slideshare called ‘Convince your board: Cyber attack prevention is better than cure’. The slides are designed to do exactly what it says on the tin. They are for anyone concerned about the growing threat of cyber crime to their organisation. We also explain how to overcome a number of typical vulnerabilities.
The full presentation can be viewed here . Below, we touch on the highlights.
How real is the threat?
Very real. Everyone hears about the big breaches. Wonga, TalkTalk, Tesco Bank – unfortunately it creates the assumption that it’s only the large organisations that interest the cyber criminal. While the April 2017 Cyber Breaches Survey found that 68% of large UK businesses were hit by a cyber breach or attack in the past year – so were 45% of all micro/small businesses.
In other words, there is almost a 1 in 2 chance your business will be subject to an attack. The cyber criminal wants you to think it won’t happen to you – but, with odds like that, do you want to take the chance?
What tactics do they use?
It’s another misconception to think that cyber attacks are highly sophisticated. Hacked large organisations often use that excuse to suggest they couldn’t have done anything to prevent that embarrassing attack. That was TalkTalk’s story – until it was revealed that the attacker was actually a teenager, working from his bedroom.
In fact, the most common type of breaches in the Cyber Breaches Survey didn’t even involve a hack – they were staff receiving fraudulent emails (72% of those who identified a breach or attack).
What can a breach cost?
Reports and estimates vary. We know the TalkTalk compromise on 21 October 2015 cost them an estimated £60m, as well as a sharp drop in their share price. We also know they received a fine of £400,000 from the Information Commissioner’s Office.
But what about the costs faced by SMEs, the real backbone of the economy? Research by insurer RSA found the cost of a breach could be between £75,000 and £311,000 for SMEs.
What disruption can a breach or attack actually cause?
It’s not just about financial loss – that’s often how attacks are reported but, in the meantime there’s a business to run and the effects of a breach or hack can cause havoc.
There’s loss of access to files or networks, software or systems corrupted or damaged – the list continues on the Slideshare -any one would be a big enough problem, but attacks are seldom that simple.
What preventative measures can you take?
Visit Slideshare and download our presentation . You’ll find a number of slides covering basic security controls, avoiding exploitation and links for additional prevention information.
Have we convinced you?
The facts don’t lie. A cyber breach or attack can cause substantial damage to your organisation – and we feel prevention should be at the top of your board’s agenda.
If you’d like to discuss how ourconsultants could advise on prevention – or any aspect of cyber security, please contact Dave James, MDat Ascentor.
Email: [email protected]
Office: 01452 881712