By Thomas O’Hagan, Managing Director, b4b Group
The cost of cyber attacks on businesses across the UK is an eye-watering £34 billion annually, according to research by the CEBR (Centre of Economics and Business Research).
It’s a sobering figure and one that acts as a reminder to companies of all sizes of the importance of cyber security and protecting digital infrastructure.
The recent breach at the Irish healthcare system, which saw criminals demanding $20 million, claiming they’d accessed thousands of files containing sensitive patient and other confidential data, adds further perspective.
The impact of the ransomware attack has been huge, with the HSE (Health Service Executive) responding by effectively shutting down its IT systems, affecting the functionality of acute hospitals, payments, payroll and other essential services.
Elsewhere, a mass cyber attack affected millions of Microsoft Exchange clients around the globe, impacting government agencies and over 60,000 private companies in the US alone.
The computer giant released an emergency security patch, but while the attack targeted a vulnerability in Microsoft’s software, it also impacted countless small businesses that use its software and services.
Closer to home, Ards and North Down Borough Council recently became the victim of a phishing exercise, with an external source attempting to gather information through deception.
The sheer size of the organisations targeted shows that even the largest corporations are susceptible.
The costs are huge but it’s not just about cash. The damage to your company’s reputation, longer-term harm to internal productivity and morale, theft of intellectual property and potential legal consequences must all be considered.
With that in mind, businesses, no matter how small, should be asking themselves what they are doing to protect against cybersecurity threats.
The government-backed Cyber Essentials scheme is a good start. Seeking certification (which shows that you are committed to cybersecurity and protected against threats) can act as a security audit in itself, highlighting where your organisation is currently falling short.
Measures such as next-gen firewalls, email security and monitored antivirus software will likely address much of this, but the first line of defence in any organisation is its people, so security awareness training is a must.
As fraudsters develop greater sophistication, tools such as email or SMS phishing are becoming more and more common and harder to spot.
As a result, business owners should always take a zero-trust approach to external communications, following up by phone if unsure about the legitimacy of requests, and never clicking on links when they don’t know where they’ve come from.
No matter how small the threat, anything that could impact digital infrastructure, and consequently business continuity, affecting services and customers, should be taken seriously.
Putting in place a range of measures will ensure you’re not left counting the cost of a cyber attack.