Cyber Security Risks and Controls
Quiz time....What's the similarity between a global telecom company, a bank, an estate agent, a B2B marketing agency and a home-working freelancer? The answer - each is at an increasing risk of suffering a cyber attack in the near future.
The rate of cyber attacks has increased faster than the rate at which things are becoming connected, and as I touched on in an article about the size of the Internet of Things market, that rate is exponential!
In 2019 the UK government released a Cyber Security report that illustrated that the rate of attack was increasing most rapidly in medium and large business, and high-income charities.
Highest Rate of Increase of Cyber Attack
The type of businesses with the highest rate of increase in cyber attack in the UK Government's 2019 Cyber Security Breaches Survey
Figure: Increase in recent cyber attack, 2018 to 2019
Since 2019 Cyber Threats Have Multiplied
The coronavirus pandemic triggered a mass exodus of staff from offices and formal work places, with many needing to learn the new skill of working from home. In a study commissioned by O2 there is evidence of a strong expectation that even after the lockdowns have been lifted, a significant number of people will still work from home for at least one to three days a week.
The rise in working from home (WFH) is putting strains and stresses on individuals as well as the organisations, too. The Financial Times reported that fraudsters were quick to leverage the uncertainty, lack of coordination and insecurities of this new way of working.
Suspected coronavirus scams accounted for one in 20 of the potential frauds logged with the Action Fraud reporting centre...
Cyber Breaches are Costly
An Accenture report suggests that a breach in cyber security can cost an unprepared company $380,000 (on average). Now consider that along with their data point that companies are typically subjected to almost 300 attacks per year - the cost of being unprepared could be enormous.
How Open Are You To Cyber Security Threats?
There are too many types of cyber security vulnerabilities to list in just one article, and if you're not already comfortable with your business risk, then perhaps you should consider a cyber security audit.
However, there are two security aspects that have opened up considerably during recent times, and both of these come from the rapid opening of corporate networks to support staff working remotely from home.
Cyber Security Threats from Remote Access
Even for companies that have permitted remote working for some time, the rapid increase in the number of workers needing to work outside the physical cyber security perimeter of the office has led to procedures being rushed, standards being relaxed and mistakes happening.
This is a problem for companies big enough to justify IT departments or staff, and also for the smaller companies who rely on non-IT staff like "Steve - the sales guy who also happens to be pretty nifty with computers".
The diagram below from umlaut's cyber security experts illustrates how malicious attacks could take advantage of the increase in employee remote access.
Are Your Suppliers Cyber Threats?
In these unusual times, it is not just your business that is having to make rapid adaptations and changes, it is your entire supply and value chain.
The same remote access vulnerabilities your IT team are trying to deal with are also a threat to your suppliers and partners.
In the qualitative interviews, some [companies] had simply not considered suppliers as a potential source of cyber risk before, while some others simply did not consider their suppliers’ cyber security to be their responsibility.
Un-Masking Hidden Threats
In Accenture's 2020 annual cyber resilience report, they state that whilst the number of companies that are proactively deploying cyber security measures has increased, there is a hidden, potentially more dangerous threat that accounts for an additional 40% of attacks on already cyber-protected companies.
Accenture classify these as indirect attacks - Attacks that arise from the supply chain and eco-system.
They state that after investment, the most effective thing companies can do to minimise the impact and cost of a cyber attack is to educate and train their staff. This helps reduce vulnerability, but also importantly, helps companies move faster in discovering and rectifying attacks.
As a non-executive director for the Association of Colleges, the importance of cyber security education is a frequent discussion topic. I believe that everyone should be educated in the importance of cyber security, and it shouldn't be restricted to IT courses or professions. The World Economic Forum agrees, urging that the topic to be included in circular from elementary level.
For those of us already in the workplace, any time we use IT or connect across corporate or public networks, like the Internet, we are susceptible to attacks, and should all be aware of at least the basics of cyber security.
Companies bear additional responsibility to their shareholders, customers, partners and employees to ensure they are doing their best at defending against the rising threats in today's connected world.
This all starts with awareness.
Cyber Defence Strategy:
Today, the aspect of digital communications security plays a decisive role. With the traditional borders between industries, home-working and other applications vanishing, security issues are rising. With our cross-sector know-how, we are uniquely placed to combine all the important factors into one. More than 20 years of experience in the analysis and evaluation of digital infrastructures help us to shape the future of communications security
Cyber security can seem scary, embarking on understanding your exposure can be daunting. However, the unfortunate truth is that sooner or later, if you don't take the initiative to discover your company's vulnerabilities, then someone with malicious intent will.
Your Cyber Security Next Steps
If you've already taken the time to read this article, prioritise a little more time to be proactive about your cyber defences. Get in touch with umlaut today to learn more about how their cyber security audit and training programmes could help you be more aware, be more prepared.
Download Your Exclusive Report Here
I've partnered with umlaut to provide to you an exclusive report on the cyber security of the top Internet Service Cloud providers. Enter your email below to receive your personal download link.