Being hacked is just a major challenge for IT. Right? Wrong.
We highlight some revealing statistics around cyber attacks and identify common cyber risks shared by companies.
A is for assurance
Can you rest in the knowledge that your organisation is safe from cyber attacks? The continuous development of new methods to connect and share information increases the chance of a cyber security threat, and cyber incidents are unpredictable and unforgiving. So protecting your intellectual property, your customers’ data and other business-critical information is pivotal to your growth, innovation and reputation. Robust assurance includes assessing how effective your current systems are, identifying key cyber risks, reviewing third-party risk management arrangements, complying with industry, regulatory and legal standards, and creating ongoing programmes to preserve and enhance your privacy and cyber security systems.
B is for 'BYOD'
Bring your own device (BYOD) is a growing trend in which employees use their own smartphones, tablets and laptops to access business servers and data. “Employees want to use the devices they are comfortable with,” says Mark Coates, EMEA AP at Dtex Systems. “By giving them what they want, companies will ultimately benefit.” The flexibility, IT cost savings and convenience of this strategy do, however, have to be weighed against the cyber security risk of connecting unsecured devices to a company’s system.
C is for cyber attacks
The Cyber Security Breaches Survey 2018 found that 42% of small businesses [1] (one to 49 staff) and 65% of large businesses [2] (50 or more staff) in the UK identified a cyber breach or attack in the last 12 months. Cybersecurity Ventures [3] estimates the annual global cost of cyber attacks will hit $6 trillion by 2021, with companies set to spend in excess of $1 trillion on cyber security. According to the National Audit Office [4], 80% of all cyber attacks could potentially be avoided by exercising good cyber hygiene.
D is for dark web
Part of the internet not visible to ordinary search engines, the dark web requires the use of an anonymising browser to be accessed. Despite many legitimate uses, it is overwhelmingly used for criminal activity. You can buy credit card numbers, counterfeit money, stolen subscription credentials and hacking kits. Our covert imminent breach system (CIBS) scans the dark web for stolen credentials, such as usernames and passwords. We identify information relating to client data in more than 80% of searches.
E is for employees
“People remain companies’ biggest weakness,” says UK managing director at cyber security specialist Coalfire, Andy Barratt. “Whether through human error or creating opportunities for social engineering hacks, the chances are that your staff will be your cyber security Achilles’ heel.” Morrisons recently lost an appeal in the UK that found it liable for a former employee leaking the personal data of over 100,000 other employees, emphasising the need to educate, monitor and react promptly if anyone acts against the business’s interests.
F is for fake boss fraud
A 2018 report by Get Safe Online and Lloyds Bank [5] showed that 454,960 businesses in the UK had been hit by ‘fake boss’ scams, with SMEs losing an average of £27,000 when targeted. Using personal data to impersonate managers or business contacts, fraudsters contact staff asking them to transfer money. “The email will be carefully crafted. It may contain reference to some personal information – often gained from social media – to make it look genuine,” says technical manager at the ICAEW’s IT Faculty, Mark Taylor. Some 53% of report respondents said they had experienced scammers posing as their CEO, with 8% having fallen victim to impersonation fraud. Data from Lloyds Bank reveals a 58% rise in reported impersonation frauds in 2018.
G is for Grant Thornton’s cyber security services
We have identified that business rather than technology issues are exposing companies to risk. Our digital security service helps businesses to:
Identify risks with a cyber health check
Protect against risk with a covert imminent breach system (CIBS) subscription
Detect risks with cyber security design
Respond with incident response and remediation
Recover from cyber attacks with cyber awareness and training
“It’s not an IT problem, it’s a risk issue,” says partner and head of cyber consulting, James Arthur. “It’s a risk you should manage alongside all your other risks. No business wants to hear that they need to spend £50 million over the next four years on this, so we ask what we can do that will make the most impact to the real threat within their cost envelope. We frame the conversations in a way that non-techies can understand and try to make it practical and pragmatic.”
To discuss how you can protect your business from cyber attack, contact James Arthur, partner and head of cyber consulting.