Online attacks and security breaches are not a new topic. In April last year the government’s Cyber Security Breaches Survey 2017 reported that almost half of UK firms had been hit by a cyber-attack or breach in the previous 12 months, whilst other reports have suggested that the UK is the target for one in eight malware attacks in Europe.
It’s not just commercial businesses that are affected. The NHS is a prime example of the impact of cyber-attacks on the public sector, after the high-profile WannaCry attack crippled parts of the service in May 2017.
As the number of cyber-attacks increases, so does the need for strong cyber security protection for businesses. But almost 12 months on from WannaCry, it seems that not enough is being done by the public sector or by private businesses to keep themselves or their customers safe.
This week the Guardian reported on the parliamentary hearing into the WannaCry attack, where it was revealed that every NHS Trust assessed for cyber security vulnerabilities has failed to meet the standard required. The independent investigation also found that the attack could have been prevented if “basic IT security” measures had been taken, with the head of the National Audit Office (NAO) warning that the health service and Department of Health had to “get their act together”.
And it’s not just the NHS that continues to struggle when it comes to cyber protection. According to an article in iNews, the majority of businesses still do not possess adequate cyber security expertise to prevent attacks and protect their customers.
Research by specialist insurer Hiscox, which surveyed 4,000 firms in the UK, US, Germany, Spain and the Netherlands, found 73% were severely lacking in digital security. This is despite the fact that around 45% of the businesses surveyed reported having been targeted at least once by a cyber-attack within the last year, with two-thirds weathering two or more attacks.
The report also revealed that only 11% of businesses overall were ranked as “experts”, based on their security strategy and quality of its execution.
For many businesses, this won’t come as a surprise. While many understand how serious cyber-crime can be, many are still unsure about how they can up the ante and successfully incorporate cyber intelligence within the enterprise.
At SCC, we advocate some key steps that businesses can take to help implement a quality cyber intelligence strategy:
- Learn from past mistakes – even if your business hasn’t been exposed to a cyber-attack you can learn from the mistakes of others. Keep up to date with security news and the latest attacks and ask yourself these fundamental questions: Where did it happen? Why did it happen? How can you stop this from happening to your organisation?
- Know your vulnerabilities – evaluate which assets your company needs to protect the most and where. Failure to identify these will put you at risk and leave important data and assets vulnerable to infiltration. And remember, once GDPR comes in this year there’ll be substantial fines for businesses that compromise their customers’ data.
- Constantly review and refresh – as technology advances and malicious software gets stronger, it is important that your cyber intelligence stays up to date. Regularly review your cyber intelligence strategy to understand attack methods and the latest cyber trends to enable your business to plan for fresh attacks.
By following the above steps, you can help your business stay ahead of the game on cyber-crime and reduce the risk of breaches by instilling knowledge of what security software your firm needs.