A-Z of cyber security part one: from assurance to Grant Thornton

Agenda magazine

Being hacked is just a major challenge for IT. Right? Wrong.

We highlight some revealing statistics around cyber attacks and identify common cyber risks shared by companies.

A is for assurance

Can you rest in the knowledge that your organisation is safe from cyber attacks? The continuous development of new methods to connect and share information increases the chance of a cyber security threat, and cyber incidents are unpredictable and unforgiving. So protecting your intellectual property, your customers’ data and other business-critical information is pivotal to your growth, innovation and reputation. Robust assurance includes assessing how effective your current systems are, identifying key cyber risks, reviewing third-party risk management arrangements, complying with industry, regulatory and legal standards, and creating ongoing programmes to preserve and enhance your privacy and cyber security systems.

B is for 'BYOD'

Bring your own device (BYOD) is a growing trend in which employees use their own smartphones, tablets and laptops to access business servers and data. “Employees want to use the devices they are comfortable with,” says Mark Coates, EMEA AP at Dtex Systems. “By giving them what they want, companies will ultimately benefit.” The flexibility, IT cost savings and convenience of this strategy do, however, have to be weighed against the cyber security risk of connecting unsecured devices to a company’s system.

C is for cyber attacks

The Cyber Security Breaches Survey 2018 found that 42% of small businesses [1] (one to 49 staff) and 65% of large businesses [2] (50 or more staff) in the UK identified a cyber breach or attack in the last 12 months. Cybersecurity Ventures [3] estimates the annual global cost of cyber attacks will hit $6 trillion by 2021, with companies set to spend in excess of $1 trillion on cyber security. According to the National Audit Office [4], 80% of all cyber attacks could potentially be avoided by exercising good cyber hygiene.

D is for the dark web

Part of the internet not visible to ordinary search engines, the dark web requires the use of an anonymising browser to be accessed. Despite many legitimate uses, it is overwhelmingly used for criminal activity. You can buy credit card numbers, counterfeit money, stolen subscription credentials and hacking kits. Our covert imminent breach system (CIBS) scans the dark web for stolen credentials, such as usernames and passwords. We identify information relating to client data in more than 80% of searches.

E is for employees

“People remain companies’ biggest weakness,” says UK managing director at cyber security specialist Coalfire, Andy Barratt. “Whether through human error or creating opportunities for social engineering hacks, the chances are that your staff will be your cyber security Achilles’ heel.” Morrisons recently lost an appeal in the UK that found it liable for a former employee leaking the personal data of over 100,000 other employees, emphasising the need to educate, monitor and react promptly if anyone acts against the business’s interests.

F is for fake boss fraud

A 2018 report by Get Safe Online and Lloyds Bank [5] showed that 454,960 businesses in the UK had been hit by ‘fake boss’ scams, with SMEs losing an average of £27,000 when targeted. Using personal data to impersonate managers or business contacts, fraudsters contact staff asking them to transfer money. “The email will be carefully crafted. It may contain reference to some personal information – often gained from social media – to make it look genuine,” says technical manager at the ICAEW’s IT Faculty, Mark Taylor. Some 53% of report respondents said they had experienced scammers posing as their CEO, with 8% having fallen victim to impersonation fraud. Data from Lloyds Bank reveals a 58% rise in reported impersonation frauds in 2018.

G is for Grant Thornton’s cyber security services

We have identified that business rather than technology issues are exposing companies to risk. Our digital security service helps businesses to:

  • Identify risks with a cyber health check
  • Protect against risk with a covert imminent breach system (CIBS) subscription
  • Detect risks with cyber security design
  • Respond with incident response and remediation
  • Recover from cyber attacks with cyber awareness and training

“It’s not an IT problem, it’s a risk issue,” says partner and head of cyber consulting, James Arthur. “It’s a risk you should manage alongside all your other risks. No business wants to hear that they need to spend £50 million over the next four years on this, so we ask what we can do that will make the most impact to the real threat within their cost envelope. We frame the conversations in a way that non-techies can understand and try to make it practical and pragmatic.”

To discuss how you can protect your business from cyber attack, contact James Arthur, partner and head of cyber consulting.

References

[1] Cyber security breaches survey 2018 - Micro/small business findings, Gov.uk, 2018

[2] Cyber security breaches survey 2018 - Medium/large business findings, Gov.uk, 2018

[3] Cybercrime Damages $6 Trillion By 2021, Cybersecurity Ventures, 2018

[4] The UK cyber security strategy: Landscape review, National Audit Office, 2013

[5] ‘Fake boss’ scams highlighted in Fraudstars awareness campaign, Get Safe Online and Lloyds Bank, 2018
