Across the world, cyber attacks are on the rise. As technological solutions change and become increasingly interconnected and dynamic, so too do both the attack vectors and means utilized by cyber criminals.
Further compounding the issue in 2020 is the ongoing coronavirus crisis; threat actors are actively cashing in on the pandemic by taking advantage of users’ concerns through advanced social engineering attacks. And at the business level, the shift to remote working models means a greater chance for attackers to find and exploit vulnerabilities.
According to a new report by security firm Carbon Black, 88 percent of businesses in the United Kingdom have fallen victim to a breach in the past year. This figure encompasses both large and small companies. In fact, small-to-medium-sized businesses are as likely to be attacked as larger companies. A Hiscox report states that a small business in the UK is hacked successfully every 19 seconds.
The same report notes that there are 65,000 attacks on small-to-medium-sized businesses each day and around 4,500 of these hit their target. Once a company suffers a data breach, there are two key losses that must be accounted for: financial and reputational.
With regard to the latter, past customers lose faith in the company after an attack and are likely to switch to a competitor, further compounding the financial losses. Businesswire reports that 41 percent of UK customers will change companies permanently. Given this high percentage, it is little wonder that companies are reluctant to report breaches, even when legally obliged.
These sobering statistics are just the tip of the cyber iceberg. Studies from private security firms and government reports alike uniformly paint a troubling picture of the UK’s cyber security landscape.
With the increased threat level brought about by COVID-19 and the burgeoning economic slump as key motivating factors, the time is ripe for companies to up their cyber security measures to ensure the best chances of survival.
Critical Security Measures for UK Companies
- Hire a Chief Information Security Officer (CISO) – According to a Bitglass report, only 38 percent of all Fortune 500 companies had a CISO in place. Smaller companies also need to budget for cyber security. If a dedicated CISO is not financially viable, outsourcing regular vulnerability checks, the creation of security protocols, and other key tasks to a dedicated cyber professional is a wise move.
- Use a Virtual Private Network (VPN) – As the name suggests, VPNs create a private browsing network and, in the process, encrypt data in transit. With a remote workforce, a VPN is essential, as staff may access company systems from potentially unsecured networks.
- Staff education – Threat actors rely upon human foibles to carry out remote attacks. Educating staff about cyber security protocols and common threats, such as phishing attempts, is one of the best ways to mitigate the risks.
- Multi-factor authentication – All accounts should be secured properly. A single log-in process is equivalent to locking the office with just a screen door. Instead, two-factor or multi-factor authentication should be in place. Additionally, all staff members should ensure they are not repeating passwords across company accounts. Passwords should be complex and contain numerals, special characters, and a mix of upper- and lower-case letters.
- Email scanners – Phishing remains a persistent threat in the UK. Email scanners may catch malware or suspicious links before they reach the recipients.
- Antivirus and antimalware – With a decentralized workforce, companies need to take steps to secure their systems as much as possible. Providing staff with both these programs means less chance of systems being infiltrated with malicious programs. This is particularly important if employees are using their own devices.
- Limit Bring Your Own Device (BYOD) culture – Whenever possible, employees should work on company devices only. Other devices represent a significant security risk.
- Enterprise-level firewalls – Companies need to invest in enterprise-level firewall security.