How Cyber Aware is your business? Recent high profile cyber attacks on both companies and individuals across the globe show just how vital it is to ensure that all connected devices are kept as secure as possible.
To highlight just how important cybersecurity is to businesses in the UK, Vistage UK have partnered with the Home Office’s Cyber Aware campaign.
What does a cyber attack look like, and why do they happen? Watch our video below to find out - or scroll down for a full transcript.
Vistage UK have partnered with the Home Office's Cyber Aware campaign to highlight the importance of cybersecurity for UK businesses.
Recent research from the Department for Digital, Culture, Media & Sport shows that 66% of medium-sized businesses had identified a security breach or attack in the past year. Among those that had suffered a breach, nearly 50% needed new preventive measures, and used additional staff time to deal with breaches.
So what is a cyber attack, and why would a business be targeted? We spoke to a number of cyber security experts to find out more.
Kevin L, Department for Digital, Culture, Media & Sport
“A cyber attack could be anything that's targeting your IT systems. It could be someone looking for data: so names, email addresses, social security numbers, passwords, credit card details. That data is valuable and can be sold on on the black market, so criminals will often be after data like that.
“Attacks could also be viruses: malicious bits of software that will disrupt your IT systems so there's a number of different dangers out there.”
Mick D, City of London Police
“There are a number of reasons why businesses could become targets for cyber attack. You could hold valuable information that someone wants to steal, like credit card details or personal information, or there could be a political or ideological reason that makes a particular organisation a target. You might have a particular vulnerability that's been identified and someone decides to exploit it just because they can in order to see what they find. Some of the high profile cyber incidents that we've seen this year were possible because of known vulnerabilities and the fact they are exploited, for instance, Microsoft released an update to correct the WannaCry vulnerability two months before the incident began.
- You may like: The business leader's role in cybersecurity
“Every business needs to have an appreciation of the risk factors that affect it so they can put appropriate measures in place to mitigate the threats.”
The average cost of a security breach for a medium-sized business is over £3,000, and over £19,000 for a large business. However, the cost is much greater than just financial.
Miriam W, Research, Information and Communications Unit, The Home Office
“The impact of cybercrime on a business can be much more far-reaching: as well as the financial loss, you might need to think about the impact on contracts that you might not be able to fulfil and the implications on your actual longer-term business. We increasingly see from our research that customers have really high expectations with the organisations that do provide services to them, and they expect them to protect that data. That trust and confidence can really quickly break down in the event of a cyber attack, meaning longer term impacts around repeat custom and confidence in the reputation of your business in the event of an attack.”
So, as a business leader, what can you do to be prepared and protected?
Mick D, City of London Police
“Organisations and leaders have to take cybersecurity seriously and develop a culture of cybersecurity within their business. There should be a good understanding of an organisation's potential weak points and vulnerabilities, and appropriate strategies in place to address them.”
Kevin L, Department for Digital, Culture, Media & Sport
“We know from research done by GCHQ and others that the vast majority of attacks are very basic. Criminals aren't going to launch a sophisticated attack on your business if they can walk in through the front door, so what you really need to do is assess what's most important to you and protect it.
“I think the important thing is to have a plan and it might be very simple: it might just be, ‘this is who we are going to call if we have a problem’, perhaps a third party company that you work with that provides your internet services. It's having a plan of what you would do - what would be your backup plan?
“So, if you lost your database do you have it backed up in a separate place, and therefore how would you get that database back online?”
Miriam W, Research, Information and Communications Unit, The Home Office
“Employees are the front-facing part of your business quite often and their confidence in being cyber secure can be the most important level of protection that you can give your business. You can use Cyber Aware’s advice to give your employees that confidence: in particular, encourage them to keep strong and separate passwords for their email, and to check they have separate emails for their business and personal accounts.”
For more information on Cyber Aware and the Cyber Essentials scheme for businesses, visit cyberaware.gov.uk.