The Government’s Department for Digital, Culture, Media & Sport have released their review of the Cyber Security breaches from the last 12 months.
- More than four in ten (43%) businesses and one in five (19%) charities experienced a cyber security breach or attack in the last 12 months.
- Three-quarters of businesses (74%) and over half of all charities (53%) say that cyber security is a high priority for their organisation’s senior management.
- Under three in ten businesses (27%, versus 33% in the previous 2017 survey), and two in ten charities (21%) have a formal cyber security policy or policies.
What does this show us?
The majority of UK businesses (98%) and charities (93%) rely on some form of digital communication and services; such as staff emails, websites, online banking and e-commerce. This means they all have a number of weak points for the cyber criminals to target.
However, charities are exposed to further online risks. Around three in ten enable people to donate online (31%) and just under three in ten allow beneficiaries to access their services online (27%). This is especially true of larger charities.
So, with more opportunity for cyber attacks to take place, it is no surprise the number of attacks have risen year on year.
Of the breaches reported (43% of businesses and 19% of charities), the majority were identified among the organisations that hold personal data, where staff use personal devices for work (known as bringing your own device, or BYOD) or that use cloud computing. Essentially, the higher the exposure, the more likely a breach is to occur.
The majority of businesses (56%) and over two-fifths of charities (44%) hold personal data on customers, beneficiaries or donors electronically. Among these, 47% of businesses and 30% of charities have experienced breaches or attacks.
How can organisations protect themselves?
There are a number of points in the timeline of a cyber attack that can be targeted for improvement to reduce the risk.
There are a number of different points of weakness that are targeted by cyber criminals, as identified in this report, and there are protection solutions available for all of them. So, why do businesses still fall victim to attacks? The answer is simple; they don’t invest in the correct level of protection leaving themselves still vulnerable. Email security, firewall technology, endpoint security and backup systems, including business continuity and disaster recovery, should all be at the top of the to-do list when it comes to protecting your organisation against cyber attacks.
Without the strongest protection at each of these point, the cyber criminals will identify your weaknesses and target your business’ data and systems without a second thought – no organisation is too small, too big or too insignificant – all data has a price and the criminals can be in and out before you know it.
The industry-leading solutions mentioned above are available with advanced warning systems, so you can keep a close eye on your weakest points of attack and identify any patterns or threats. Knowledge is power and if you are aware of the activity happening outside your business, you can prepare to defend against it before it becomes a risk to your business.
However, not all cyber security solutions come with advanced warning and reporting options so invest as much as you can afford because prevention is so much cheaper and easier to manage than cure!
Consulting an experienced IT consultant or using a Managed IT Service Provider are also worth considering when it comes to monitoring the cyber security of your business. They are the experts and will have knowledge of trends and attacks from across the sector meaning they will be able to advise you on your security long before you will be able to.
There are also specific monitoring tools available such as Dark Web monitoring which scans the Dark Web to see if your data is already available for cyber criminals to buy and sell. This will alert you if your business has previously been breached, what was stolen, where the weaknesses are in your cyber security infrastructure and if you are breached in the future.
Once you have identified a cyber attack has happened or your defenses have been breached, you need to act fast to protect your data.
You will need to keep your business running in a secure and protected environment making your back up systems invaluable.
We would also recommend contacting an expert to help you identify exactly where the weakness in your system is, advise on any remedial work that needs to be done to immediately protect your business and any recommendations moving forward to keep it safe in the future.
Once you have dealt with the immediate risk and invested in the relevant cyber security systems, we strongly recommend you keep cyber security on the agenda across your business. It is no longer the sole responsibility of the IT department, everyone in an organisation has a responsibility to keep the business safe online.