Why is it Important to have a Cyber Security Plan in place?
Cyber attacks can be incredibly disruptive to your business. While media attention to cybercrime focuses on larger organisations, it’s important to remember that most cybercriminals are indiscriminate – any company that works online or sells online is a potential victim.
We often hold an image in our heads of cybercriminals as using sophisticated and expensive equipment; the reality is often free and simple. Common techniques used by cybercriminals today include:
Phishing – where hackers send emails in an attempt to gain sensitive information or encourage recipients to visit fake websites to extract data.
Ransomware – deploying malware that will encrypt and delete your data—often used to extort money from companies, with a promise of returning your data (which is not always the case).
Business Impersonation – hackers set up a false website or compromise a legitimate website to exploit visitors.
Scanning / Social Engineering – searching the web for vulnerabilities of companies or individuals to exploit.
To combat all of these threats, businesses should always consider having a cyber security plan. The most disastrous of these threats is ransomware; this can be devastating financially and majorly impact your mental health.
Examples of cyber attacks recently
In 2023, some Arnold Clark customers were told their personal information may have been stolen in a cyber attack. The firm admitted they were forced to shut down their entire computer network in the early hours of Christmas Eve.
In January of 2023, sportswear chain JD Sports said stored data relating to 10 million customers might be at risk after a cyber-attack hit it. The company said information that "may have been accessed" by hackers included names, addresses, email accounts, phone numbers, order details and the final four digits of bank cards.
Before launching ransomware attacks, cybercriminals can spend days, weeks or months inside a victim’s network to identify their defences and assess what the organisation could be worth to maximise its impact.
Performing a website vulnerability assessment mitigates the risks of a cyber attack, which will come with various costs, including reputational damage and financial penalties.
As hybrid working becomes the norm, businesses increasingly rely on technology.
Planning for a cyber attack should be considered just as – if not more – important than planning for a flood, fire or other disruption. Business continuity plans should be stored offline and regularly updated and tested.
Ransomware attacks typically occur through one of three paths: software vulnerabilities, phishing emails, and remote desktop access. Your business often won’t know the exact route a cybercriminal will take to attack your business; by planning, you can help mitigate the fallout by examining your cybersecurity strategy.
Attackers are always at the forefront of new technology and software like AI and chatbots like ChatGPT. If you are an employer or in any managerial role, then it's important that you educate yourself on the risks and how you can stay safe when using ChatGPT. We'd recommend employers look into the potential risks involved when using chatbots. Make sure you clearly define the scope for which employees can use chatbots and the limitations that might be in place.
Stats from the latest Cyber Security Breaches Survey
The Government’s Cyber Security Breaches Survey reported in 2023 that just 27% of businesses have continuity plans that mention cyber security, and only 29% have formal policies covering cyber security risks. Unsurprisingly, only 15% of businesses have completed an audit of their cyber security vulnerabilities.
Understanding how your business will react to a cyberattack is more important than the scenario being a perfect match to your plan.
Whilst cybercriminals are continuously developing their skills and using more sophisticated tools – especially with new technologies such as AI and the Internet of Things. Remote workers remain a key target, alongside vulnerabilities in unpatched servers.
It is more important than ever for your business to have a cyber security plan in place.
To help businesses, we have created a Cyber Incident Response Pack containing documents to help support your business plan its response to a cyber incident. These documents are designed to complement any existing plans or assist you in creating one.
Our Network and Website Vulnerability assessments can help you to review your internal/external networks, systems and websites to look for weaknesses such as poorly maintained or designed systems, out-of-date services, insecure access controls, or opportunities to access and steal sensitive data. Contact us today to discuss your needs and learn more about our affordable memberships and security services.