New year brings continuing cybersecurity risks
19th January 2019
Last year ended with a further stream of businesses whose customer data was compromised. Various high-profile organisations were left red-faced – eg. British Airways, hotel chain Marriot – with reputations diminished and profits threatened.
Yet it’s not only the big boys who are targeted. The vulnerabilities of SMEs hare increasingly become the target of cyber criminals. By all accounts 2019 promises to be an important year in the battle against cybercrime in the digital world.
Cybersecurity in 2019
While no one can accurately predict the future, experts have been busy assessing developments in the cyber world and coming up with their cybersecurity predictions for 2019.
Some top picks from the cyber industry include:
– the misuse of data
– the use of artificial intelligence (AI) and machine learning by attackers
– risks posed by the dominant use of cloud computing and the security risks of the myriad of connected devices in use
– cyber wars involving terrorist, criminals and nations
– cybersecurity rising up the agenda within businesses with board-level discussions about the potential impact of cybercrime on their business goals and brand.
Lack of cybersecurity skills
As for combatting cybercrime the serious lacks of skills and training amongst the cybersecurity workforce will get more attention with investment in recruitment, training and retention increasing. It’s estimated that the cybersecurity workforce shortage will reach 3.5 million jobs by 2021.
Continuing high profile data breaches will focus attention on developing alternatives to the use of username and password as security devices. This easily-breachable method has led to many businesses and consumers being the victims or fraud and theft. Some alternatives being explored include two-factor authentication, cryptography and biometrics. The latter has already been popularised amongst millions of customers in the use of fingerprint ID to unlock mobile phones, while many business have incorporated facial or fingerprint recognition into their security or timesheet processes.
Vulnerability of SMEs
Elsewhere, it’s predicted that hackers will take more advantage of small businesses because their cybersecurity vulnerabilities can be more easily exploited than larger businesses. Due to the increase in cyber attacks on SMEs, and the shortage of IT security skills, small business will increasingly turn to managed security service providers for help in safeguarding their business.
Different SME sectors are affected in different ways. Yet a majority of SMEs use computing to a lesser or greater extent. From the sole computer or device in a single-employee micro business, to multiple digital users accessing complex databases in a medium or larger sized business. Any of these firms could be targeted by cyber criminals whether its malicious viruses, ransomeware, data or financial theft or phishing scams.
Government recognition of cyber threats bring little comfort for SMEs
A report at the end of last year revealed that 68% of UK businesses had been hit by at least one cyberattack during the past year. This suggests that the fears by cyber experts are well placed. Cyber attackers have become increasingly confident and sophisticated leaving firms feeling ever more vulnerable.
The UK Government’s own 2018 Cyber Security Breaches Survey stated that 43% of businesses and 19% of charities had experienced a cybersecurity breach in the last year. This figure increases to a worrying 72% amongst large businesses (250+ employees), and 73% amongst charities with annual incomes of £5 million+. Despite this, only 27% of businesses and 21% of charities have a formal cybersecurity policy. It’s estimated that cyber crime costs UK businesses around £30billion every year and can mean severe disruption and even potential closure.
In a speech at the National Cyber Security Centre last October, government minister David Lidington acknowledged: “As our digitally connected world has expanded at an extraordinary rate, so too has the scale of vulnerabilities and the frequency of attacks that we face.”
Yet a subsequent UK government report revealed cybersecurity efforts ‘lack political leadership.’ This is not good news for small businesses struggling to manage with fewer resources. The report published last November by the parliamentary Joint Committee on the National Security Strategy stated that “The cyber threat to the UK’s critical national infrastructure (CNI) – 13 sectors including energy, health services, transport and water – is as credible, potentially devastating and immediate as any other threat faced by the UK.”
However the report also pointed to the important role of smaller businesses in the supply chain. The country’s critical services cannot run without their smaller external suppliers. The report states that attackers are also increasingly exploiting supply chain vulnerabilities in order to gain access to CNI operators’ networks and systems. Steps to address these vulnerabilities might include (a) requiring suppliers to undertake regular self-assessment and (b) mandating minimum (or equivalent) cyber security standards for suppliers, such as ISO 27001 or the Cyber Essentials and Cyber Essentials Plus schemes.
It’s not surprising that business continue to call for more government efforts to help and UK firms want to combat ever more sophisticated cyber threats . A survey at the end of last year revealed that IT professionals and UK businesses want more help from the government. Yet many businesses are having to go it alone.
Do you know how your business is most vulnerable to cyber-attacks and how to fix the risk? It could be at risk from any number of fronts.
Ways in which your business could be at risk:
● insufficient antivirus software, anti-malware and an effective firewall
● sensitive data not encrypted
● weak password and logging in protocols
● lack of a disaster recovery plan or solution
● not conducting regular risk assessments
● insufficient staff training in cyber security
● lack of knowledge about data management, destruction and what constitutes a data breach
● unfamiliar with GDPR laws
It’s not easy deciding how to tackle these threats. It’s not always possible for SMEs to have the in-house skills to address cyber threats fully. However it’s important that these risks should be ignored. Small business will find that it pays to seek professional IT help – it will cost you less than you think and could safeguard your business.
Let 360ict check your cyber security. 360ict Ltd is a leading IT company which aims to deliver IT support to small and medium enterprises at an affordable and manageable rate. We enable SMEs to access IT capabilities which would otherwise be out of their reach.
Let 360ict help you with your risk management, cyber and data security.
To arrange your on-site review or talk to our IT support team about your options, call 0208 663 4000 today or Contact Us .