Cyber Attacks – Why We All Need To Act Now
A local council in the UK has been targeted again in the second cyber-attack directed via an email attachment to a council employee. Causing untold cost to the systems. Public sectors are already stretched financially however if they find themselves in the unfortunate position of having to rebuild servers and systems, it can take months of work. There may be potentially months of lost revenue, in this case with planning applications not being determined.
According to a YouGov survey this month 71% of Chief information Officers in the private sector anticipate being more active with Cyber Security, partly due to COVID -19 increasing remote working, but also there is a vast increase in cyber security threats.
Now more than ever before it is essential to have a plan for cyber-security across your whole company, which should include training, so all employees are aware of the threats that arise that they may directly responsible for.
Preparing for cyber-attacks now needs to be high on the agenda..
Here is a brief overview of what needs to be considered….
CYBERSECURITY THREATS – What you need to know
With nearly every element of society now digitalised, cyber-crime is an inevitability that every individual and business faces. Businesses hold large volumes of personal data, and no matter how careful you are there is always a risk that this information can be stolen, misused or misrepresented for the gain of others.
TYPES OF CYBERSECURITY THREAT
- INTERNAL THREATS – Human error is a major factor in breaches, and trusted but unwitting insiders are to blame. From misaddressed emails to stolen devices to confidential data sent to insecure home systems, mistakes can be very costly. Often a small mistake can turn into a catastrophe, it is thought 90% of data breaches are caused by staff.
- MALICIOUS INTERNAL HACKERS – Malicious employees whose intent is to steal or damage are a very real risk. Some steal competitive information, some sell data or intelligence, and some just have a vendetta against the organization.
- OBSCURE THREATS – Threats that cannot be easily identified – flooding or fire in the server room for example.
COMMON TYPES OF CYBERATTACK
- DDoS – Distributed Denial of Service, a form of Cyberattack intended to overwhelm the network security of a company. It is specifically targeted at organisations and is designed to overwhelm systems in order to obstruct and limit organic traffic.
- BRUTE FORCE CRACKING – an attacker uses software to try many different passwords, in the hope of guessing the correct one. The software can use some logic to trying passwords related to the name of the individual, their job, their family, etc
- PHISHING – Phishing attacks leave staff vulnerable to sensitive data being stolen, often through email. It’s one of the most common ways malware is brought into a business.
- MALWARE – It’s short for malicious software and can include ransomware, spyware, viruses and trojans. In a more general sense, malware is classed as an unwanted action to the victim which will benefit the criminal.
CONSEQUENCES OF CYBERATTACKS
- DATA PROTECTION – According to UK GDPR Section 1 (f) of the Article 5 (“Principles relating to processing of personal data”) sets a broad and comprehensive standard of data protection, stating that PII shall be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”This is the requirement for businesses to have a plan in place to avoid a cyberattack, which results in a data breach.
- REPUTATIONAL DAMAGE – Damage caused by a cyberattack can affect customer retention and future business. As well as potential fines and enforcement action.
HOW TO PREVENT A CYBERATTACK
- AUDITING – regular scheduled assessments of the IT and data security within your company are essential to detect any vulnerabilities
- SOFTWARE UPDATES – ensure software updates are performed as soon as any updates are released.
- ENCRYPTION
- CLOUD – Using cloud services can mean data is even more secure, as the provider is responsible for updating the software with the latest security patches. Remote access also negates the need for USB sticks.
- TRAINING STAFF – Employees, as well as any contractors who need access to key systems, need regular training so they have a clear understanding of security breeches and how they can help to prevent them.
Contact the Stream Networks Cyber Security Team