In my world as a Risk Consultant I spend a lot of time reviewing and trying understand the risks that face UK organisations with a view to helping businesses of any size keep their business, assets and money safe.
As part of this I attend lots of seminars, conferences and events where the Police or Government bodies such as the ICO, the National Cyber Security Centre or the National Crime Agency share their wisdom and actual details of the impact of cyber-crime or data losses…….Exciting stuff but someone has to do it!!
AND my summary is that the world of cyber-crime feels like is just getting scarier with billions being lost worldwide. I live and work in Kent where in the 6 months to September 2018 Kent lost £17m to cyber-crime WOW!!
AND 66% of this were attacks on businesses
AND increasingly it’s the smaller businesses being attacked as they are easier targets
AND still businesses and their staff do not appear to be investing in the necessary education to protect themselves
WOW!!
As the cyber experts are stating it’s not a case of if but when https://youtu.be/0u32tliJh84
Education and awareness to be honest has to be the key, as most cyber attacks are really new; yes there are over 6000 new computer viruses created and released every month but in most cases they are not new so the IT defences provided by the global giants are geared up to stop and protect us with filters, monitoring tools, anti spam and malware and tracking software.
HOWEVER despite these excellent software and tools the problem continues and arguably that’s because the hackers are one step ahead……always!
Cyber criminals know how to bypass the security measures and with a plethora of data being shared online and through social media we make it even easier to help them bypass the IT defences with socially engineered attacks. Cyber criminals know that it only takes one email or one click and they can steal our data or do harm to our computers and networks.
Is it therefore surprising that one in 10 URLs is malicious or that every email user is getting on average 16 phishing emails a month?
So Yes; WOW; this is potentially scary stuff and the Police and Government Bodies are doing their very best to protect us but as UK businesses we must start to take more responsibility ourselves and not just rely on our IT support; we must ensure regular and ongoing awareness training; we must ensure we evolve our IT defences
The good news is that cyber defences do work but to minimise our risks it has to be a combination of efforts.
The NCSC 10 Steps to Cyber highlights what we need to be thinking about and of these not all the answers are solutions provided or offered by your IT support :
https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security
Additionally, there is a great series of free education and information to educate people
- https://www.ncsc.gov.uk/section/information-for/small-medium-sized-organisations
- https://www.getsafeonline.org
- https://www.ncsc.gov.uk/collection/board-toolkit
or more specific training providers like Risk Evolves
There is also Cyber Essentials certification which is a fantastic measure of whether your business is meeting the basic security requirements and really should be a mandatory requirement for all businesses now, after all you wouldn’t book a holiday that isn’t ABTA bonded, so why would you share data with a company that can’t demonstrate it’s got the basics in place ? :
So Take 5 https://takefive-s9topfraud.org.uk to think and keep safe. It’s potentially scary out there and battles will lost, but lets not lose the war.
