Pick up a newspaper these days and you rarely have to look far to find a story of a cyber-attack. Indeed, reports suggest that cybercrime is on a sharp increase, with attacks growing in complexity and effectiveness. Recent attacks highlight that threats can impact on businesses of all sizes. With that in mind, an important question arises:
How important is your cyber security?
Technology is becoming integrated into our lives to a greater extent in the work place and at home. Figures show that almost half of UK businesses suffered cyber-attacks or data breaches in 2017. Therefore, making sure cyber security practices are put in place will help to accommodate for the wider adoption of technology. An expert said “simple steps to remove basic weaknesses would go a long way to protecting key data”.
Not only is technology becoming more integrated into our lives, but it is becoming more advanced, we are therefore seeing attackers advancing and becoming more ‘sophisticated’ and ‘practical’. They use software that allows them to exploit information and data and use it to their advantage. Businesses are advised by the ICO to assume they will be hacked so they cannot only protect their business and customers data, but also because of new legislations that have been put into place in the past year such as GDPR. The regulations of data breaches should be taken more seriously than previously and failing to do this could result in consequences impacting the business hugely. Customers may lose trust and the reputation of the company could be damaged.
Your data is arguably your most valuable and important aspect of your business but also your most vulnerable. In the news headlines we often see big companies being hit by cyber-attacks and data breaches, however it is a problem for smaller businesses as well. Cyber security is paramount for keeping all businesses data safe. Businesses faced an average of 19 hours downtime following an attack.
We hear about big cyber-attacks occurring in companies but there are many of small cyber-attacks happening regularly that we don’t hear about, that don’t hit the headlines. To help you get an understanding of this, I have outlined below one of the big cyber-attacks that happened in 2017 and three infamous cyber-attacks that have happened in the past couple of years.
You may have heard about the NHS data breach in 2017. People often call it the ‘biggest ransomware’ offensive in history that not only hit the NHS but many other organizations and countries as well. Beginning on May 12, it spread over 150 countries. The NHS is said to be the worst hit with fears of it affecting over 26 million patients. Staff were forced to turn away patients and cancel nearly 6,900 appointments as a result of the attack. The attackers deceived recipients into opening an attachment in an email so they were able to release malware onto the recipients system. This then locked files and encrypted them so they couldn’t be accessed. The hackers demanded a sizeable ransom, though there is no indication the NHS actually paid it. Since the attack the cyber security of the NHS has been improved to help prevent anything of this nature occurring again.
British Airways data breach in August 2018 affected 380,000 transactions. The attackers stole personal and financial information from BA customers over a two-week period on both the company’s website and app. Teams worked over-night when they realised something was wrong to try and discover the problem and the extent of the attack. Fortunately, the stolen data didn’t include any passport or travel details. The breach was solved, however, British Airways may have to pay out £500 million to customers whose data was breached. As a result of the attack many customers impacted had to cancel bank cards after the attackers gained access to this sort of personal data.
The most recent Facebook data breach was in September 2018. Up to 90 million Facebook user accounts were exposed by a security breach. The attack allowed hackers to take over users accounts by stealing their ‘access tokens’ and used Facebook’s ‘view as’ tool to do so. The breach sent Facebook’s stocks tumbling and the company may face a fine of up to 4 percent its global annual revenue from the prior year. Not only has this attack impacted Facebook but researchers have said the impact could go beyond Facebook and to other apps and websites such as Spotify and Pinterest.
The question and answer website Quora suffered a huge cyber-attack that could have exposed 100 million users details. The most recent and another of the infamous breaches, happened at the beginning of December 2018. It is said to have been when a third party guest gained unauthorised access to one of its systems. Quora logged out all of its users affected and told them to log in and change their password when prompted to do so. It’s been said by Quora’s Chief Executive that all steps have been taken to prevent anything like this happening again in the future.
The effect cyber-attacks have on companies can be reputational as well as financial. From my examples you can see hackers are targeting anyone with data rather than a specific type of company. They can also be after different goals such as for the company to pay a ransom, to find out sensitive data and abuse it, or to ruin the company’s reputation.
What can we learn from this?
Recent research has suggested that a lot of companies have unprotected data and poor cyber security practices in place. Cybercrime can (and does) affect companies of all sizes, in any industry sector. Having the correct cyber security could be key to preventing the next cyber-attack happening to your company.
But where can you start? Get help with cyber-security by downloading our FREE White Paper.