Time and time again, and even more so recently, we see devastating cyber-attacks on large corporations and public services. Hopefully, this has made an impact on public perception and made people realise that cyber criminals will target anyone – big or small, private or public.
Would you leave your back door open, while you were out at work? Probably not. The same principle applies to businesses. They need to get savvier with how they operate and maintain their security profile, so they can understand the threats before it’s too late. After all, ‘prevention is better than a cure’!
I’d like to share some details from a report that was issued in 2016 by the Talk-Talk group (ironically, a company fined for the largest recorded data breach). The report highlights that there is a distinct misjudgement about the reality of attacks and data breaches, which leads to companies believing they are secure.
Three-quarters of companies feel they are protected from digital threats; the figures speak for themselves:
- 74% of businesses believe that they are currently protected from digital threats.
- 50% of respondents reported that they had been the victim of a cyber-attack. Two-thirds happened within the past year.
- 29% of the attacks resulted in a data breach.
- Over 80% of founders, C-level executives, board members & directors believe they are doing enough to mitigate the impact of cyber-attacks, but less than 60% think they have the right policies in place to be secure.
What also needs to be noted is that small and medium-sized enterprises are not immune to attacks. It is a common misconception for SME’s to believe they are ‘too small’ to be the target of a cyber-attack. Again, numbers support this statement:
- 27% of SME’s felt that they were secure because they were ‘too small’ to be of interest to cyber attackers.
- 56% felt they were secure because they ‘have the right policies in place’. However, these beliefs have little proof in reality.
- 59% of those expressing the former view and 53% of those showing the latter have already experienced attacks.
- On average, a data breach costs over 19% of an SME’s revenue.
The report goes on to say that reported attacks on businesses have been increasing exponentially over the past four years, with over a third happening in the past six months.
Given this, I would advise you to have a good look at your current business processes:
- How you address data handling and security?
- What are the data ownership means?
- What access control measures you have in place to safeguard your businesses assets?
Having a reliable anti-virus program may not be enough to protect you from cyber-crime, so think big. Who might want to get your information? What is it worth to someone else? Once you’ve answered these questions, you can begin building a security framework around it.
As risk management and security professionals, Equilibrium Risk will help you identify and manage all the security risks to your business – cyber, electronic and paper records, people, processes, data protection legislation, physical access and business continuity.
Please feel free to get in touch.
Stef, Head of Cyber Security