Cybercrime’s Deadly Impact On Business

Uploaded on 2019-12-16 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Cybercrime is constantly on the rise, with virtually all UK businesses exposed to cyber security risks according to a 2017 Government Data Breach survey.
 
It is important to protect your business against cyber security threats and make the most of the opportunities online. A single successful attack could seriously damage your business and cause financial burden for you and your customers, as well as affect your business's reputation.
 
For instance: last year, 46% of UK businesses have suffered a cyber-attack either through decreased customer trust or the actual theft of money and personal information. A successful cyber-attack can cause major damage to your business. It can affect your bottom line, as well as your business' standing and consumer trust. 
 
Some of the threats to your business IT systems are:
 
  • Adware - Adware is a form of computer virus which fills your computer with advertisements and is a fairly common form of cyber-attack. Adware can often allow other viruses to enter your computer once you’ve accidentally clicked on them.
  • Ransomware - Ransomware is a type of malicious software that designed to withhold access to an individual’s or business’ computer system until a sum of money is paid.
  • Spyware - Spyware is a form of cyber infection which is designed to spy on your computer actions, and relay that information back to the cyber-criminal.
The impact of a security breach can be broadly divided into three categories: financial, reputational and legal.
 
Economic cost of a Cyber Attack - Cyber-attacks often result in substantial financial loss arising from:
 
  • theft of corporate information
  • theft of financial information (e.g. bank details or payment card details)
  • theft of money
  • disruption to trading (e.g. inability to carry out transactions online)
  • loss of business or contract
Businesses that suffered a cyber breach will also generally incur costs associated with repairing affected systems, networks and devices.
 
Reputational Damage - Trust is an essential element of customer relationship. Cyber-attacks can damage your business' reputation and erode the trust your customers have for you. This, in turn, could potentially lead to:
  • loss of customers
  • loss of sales
  • reduction in profits
The effect of reputational damage can even impact on your suppliers, or affect relationships you may have with partners, investors and other third parties vested in your business.
 
Legal consequences of Cyber Breach
Data protection and privacy laws require you manage the security of all personal data you hold, whether on your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.
 
How to minimise the impact of Cyberattacks on Businesses
Security breaches can devastate even the most resilient of businesses. It is extremely important to manage the risks accordingly. 
 
After an attack happens, an effective cyber security response plan can help you to:
  • reduce the impact of the attack
  • report the incident to the relevant authority 
  • clean up the affected systems
  • get your business up and running in the shortest time possible
It is vital invest in user training, education and awareness in your organisation on an ongoing basis. 
 
The statistics often do not match the rhetoric when it comes to cybersecurity and too many organisations are still talking a good game instead of actually implementing robust processes and procedures. The British government is keen to protect the economy and minimise the disruption that cyber criminals wreck on UK business. But research from the Department for Digital, Culture, Media & Sport shows there is still a lot of work to do. Its Cyber Security Breaches Survey 2018 found that while 74pc of businesses say cybersecurity is a high priority, only 27pc have formal cybersecurity policies in place. 
 
Only 30pc of businesses have a board member with responsibility for cybersecurity and just 20pc have put staff through cybersecurity training in the last 12 months.
 
In the last year, 43pc of companies experienced a cybersecurity breach or attack. Where these incidents resulted in a loss of assets or data, the mean cost for small and micro businesses was £2,310, rising to £22,300 for large businesses. When examining the most common cybersecurity threats, virtually all of them fall under one of the following three categories: human behaviour/error; IT or third-party relationship.
 
Human behaviour is the most frequent enabler of cybersecurity breaches, creating a weak spot for criminals to exploit. Whether clicking on an unsolicited link or failing to safeguard passwords, people are the root cause of many successful attacks. 
 
Companies could repel the vast majority of cyber scams by creating a robust digital safety culture within their organisation.
Similarly, technology-based solutions can lock out criminals. Immediately rescinding access to employees leaving the organisation stops them causing problems once they have gone. 
 
Immediately installing software patches and upgrades will ensure the latest security is in place. All too often, it is out-of-date software that gives criminals the access they need.
 
The final category is third parties. If they have access to your systems, but you do not have a robust cybersecurity culture in place, then your own efforts are undermined. 
 
Phishing
The most common individual cyber threats facing businesses are malicious links distributed via Email, known as phishing. Regular and robust training will improve employee behaviours and prevent them from opening unsolicited emails and clicking on links they are not expecting.
 
Poorly Guarded Usernames and Passwords
Offering guidance on username and password generation will prevent employees using the same login details on multiple devices and make them more aware of how to protect these details effectively.
 
Inconsistent Adherence to IT and Data Policies
Ongoing and consistent training will make sure employees know what is expected of them. This learning should be tested regularly.
 
Malware Gaining Access via Personal Devices
The lines between our personal and professional lives have become increasingly blurred. Training should reflect this, seeking to improve behaviours in every aspect of employees’ digital lives and not just focusing on the IT used at work.
 
Social Media Malware
Companies may prohibit access to personal social media accounts, but an increasing number of companies now have corporate accounts and developing this online presence is becoming more important for a wider spectrum of businesses. Companies must develop/recruit the requisite skills to manage, maintain and operate these accounts.
 
Data on Stolen Devices
Is the data encrypted? Is the device password protected? Phones get lost and laptops get left on trains, but reminding employees of their responsibilities when using company equipment and ensuring the appropriate IT security is in place will go a long way to preventing problems.
 
Hackers
Installing patches and software upgrades as soon as they are available must be a priority for every employee. Cybersecurity should also be a primary concern in any dealings with third-party software and IT service providers.   
 
Former Employees Retaining Access to Systems
Standard procedure must ensure permissions are rescinded as soon as an employee stops working with the company.
 
Cyber risks are growing in number and sophistication, but so too are the tools available to mitigate and manage these threats.
 
Insurers can provide a wealth of risk management information to help companies create the right cybersecurity culture and implement robust safeguards. A tailored insurance policy will then provide the financial protection required for the specific exposures that remain. 
 
For more Information and advice on IT Security: Please contact Cyber Security Intelligence 
 
NI Business Info:          Nouveau:       Government of Australia:     Image: AlphaStock Images  / Nick Youngson
 
You Might Also Read:
 
Can Small Business Beat Cyber Attacks?:
 
 
 
« Malware Is Stealing Hotel Guest Data
What Girls Bring To Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

Payatu

Payatu

Payatu Technologies is a security testing and services company specialized in Software, Application and Infrastructure security assessments and deep technical security training.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

Bytes Technology Group

Bytes Technology Group

Bytes is a leading provider of world-class IT solutions. Our growing portfolio of services includes cloud, security, licensing, SAM, storage, virtualisation and managed services.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

Aberrant

Aberrant

A radically new approach to managing information security. Aberrant is the single pane of glass through which a security program can be viewed.