What can we Learn from Business Victims of Cybercrime?
The threat posed by cybercrime is constantly evolving, and with it the cost to businesses as they try to retrieve lost data and recover from business interruption, regardless of whether or not they choose to pay things like cryptocurrency ransom demands (police guidance is always not to pay, by the way!).
Following several more high-profile cyberattacks, including on companies like Garmin, Carnival Cruises and the New Zealand Stock Exchange, why does ransomware continue to impact large and well-defended organisations? What can SMEs learn from this?
We know that modern corporate networks are complex, increasingly cloud-based, and have more connected devices than ever following COVID-19 and the rush to have an agile workforce who still work remotely.
The business case for having effective cybersecurity is clear: cybercrime is estimated to cost the Greater Manchester economy over £860m per year alone.
But we cannot guarantee 100% protection from cybercrime because change in the threat landscape is constant and rapid. My academic partners reliably inform me the half-life of a cybersecurity degree is 18 months. Just half of what students learn in the first year is obsolete by the time they graduate! This means that our defences must equally adapt just to maintain the pace.
Police Cyber Crime Units help business victims investigate and recover from attacks. We see the impact but can also identify trends and learn from patterns to help protect businesses before they become victims. This is why we must encourage victims to report cybercrimes; the percentage of reported crimes is as low as 1-2%!
The lessons we’ve learnt from victims are worth sharing because these stories are powerful and help organisations better understand the threat and why protecting themselves is so important. It also helps to build trust and confidence in the police’s ability to respond and demonstrate that we understand the unique needs of business victims who want (and need) to get back online asap.
The challenge is sharing these stories when reporting is so low. Businesses are understandably concerned about their brand and reputational damage and fearful the cops will just seize their hardware for long and protracted digital forensic examinations. We must do better to really understand business victims, anonymise and share their stories and make cybersecurity accessible both financially and in the language we speak.
The average time from infection to detection is 150 days, so we need more victims to come forward as we believe up to 80% of cybercrime is preventable by following basic cyber PROTECT guidance, much of which can be provided for free or at low cost through the Cyber Resilience Centre, which is supported by Greater Manchester Police and consistent with the guidance produced by the National Cyber Security Centre.