By Bruce Penson, Managing Director at Pro Drive IT
Don’t be left in the dark. This is where your business could be if it’s hit by a cyber attack warn cyber security companies. You’ll be shocked by the statistics …
Do you really know what’s going on with your IT networks and cyber security? If you don’t, cyber criminals do.
The latest figures from the Crime Survey for England and Wales, published by the Office for National Statistics in July 2020, showed around 900,000 estimated computer misuse offences (for year ending March 2020 – and cyber crime has increased since then!).
Computer misuse is when fraudsters hack or use computer viruses or malware to disrupt services, obtain information illegally or extort individuals or organisations. Commonly, malware is downloaded when a victim clicks on an email attachment or link. It remains hidden on their computer to harvest their personal and financial data such as online banking details – which is subsequently used to drain their accounts.
The Crime Survey showed large increases in:
- Hacking – social media and email, which saw a 55% increase from 8,340 to 12,894.
- Computer viruses/malware – a 61% increase from 4,177 to 6,745 offences.
Whereas a victim will know about other kinds of robbery fairly quickly, cyber crime isn’t always detected until several months after the attack – when greater damage has been done.
And then there’s ransomware attacks.
Cyber security company estimates UK businesses hit by 5000 ransomware attacks in 2019
British firms were hit by at least 5000 ransomware attacks last year, according to US cyber security company Emsisoft. It estimates they paid nearly £210 million in ransom money to cyber criminals to recover data.
Would you pay the ransom if your business was attacked?
Cyber security companies warn against paying up – but once the business has been hit, it may be too late to salvage the situation. People are paying the ransoms rather than risk losing sensitive data, with the accompanying likelihood of fines from regulators and loss of reputation.
It has become such a problem that MPs are calling for stricter laws against paying ransoms, which isn’t currently illegal in the UK unless it’s linked to terrorism.
If you’re a cyber attack victim would you risk your business or pay up?
As we write, it’s reported that foreign exchange firm Travelex is shedding over 1,300 jobs in the UK and is in administration. Its administrators, PwC, blamed a cyber attack, not just the Covid-19 pandemic. Back in January, cyber criminals demanded a ransom from Travelex of £4.6m, claiming they had access to its sensitive customer data. Travelex had to turn off its systems and suffered over a month of disruptions – including staff having to resort to using pen and paper to do their jobs. The damage to the firm was reported to be some £25m.
You’re in the dark ages if you don’t think it could happen to you and your business
Cyber security companies have dealt with businesses of all shapes and sizes this year who have suffered cyber attacks. They include Bitcoin, where the personal data of 250,000 people from 20 countries was leaked by a scam, with some 147,610 UK victims. Garmin was also attacked and ended up having to close its services for a week.
Two companies involved in building emergency hospitals for the coronavirus outbreak – Interserve and BAM Construct UK – were also hit. Some universities have fallen victim, as have the UK’s electricity system administrator Elexon, when cyber criminals targeted the IT infrastructure used to run the electricity market.
We work closely with businesses in the Financial, Professional Services and Energy sectors – which are all governed by strict regulations. Yet even people in these areas don’t think cyber crime will happen to them. Unfortunately, they’re sitting on a timebomb if they haven’t invested in proper cyber protection that will ensure they can continue operations and achieve their critical business outcomes.
How cyber criminals infiltrate your business
Human error is to blame for the vast majority of data breaches.
1, Social engineering: cyber criminals are getting to know you as we write. For example, they are looking at your social media accounts to gain personal information about you – your date of birth, family and friends’ names, pet’s names, places you visit, events you like etc – then they’ll use all this information to dupe you and everyone else. They may use it to work out your passwords. Or fool you into thinking you’re clicking on an email link provided by a colleague. You get the idea. You’ve no doubt seen this kind of scam already. But have you taken action to prevent it?
2. Unsecured databases: there are many, many business victims currently of what is known as ‘Meow’ attacks. Over 1000 unsecure databases have been wiped – gone – yet there’s no explanation or any ransom – nothing. All that remains is the word “meow.” It would be laughable if it wasn’t true.
3. Unprotected channels like video: video cameras and video conferencing systems can be hacked. You may remember another notorious cyber attack this year, which resulted in over half a million Zoom accounts being advertised by criminals for sale on the dark web. The hackers used previously leaked lists of login emails and passwords to gain access.
This is why cyber security should be on the agenda in your board room, not just the responsibility of your IT staff.
It is a growing global problem and CIOs and other leaders in IT must address cyber security within their organisations and drive investment in it. This is critical.
Issues need due consideration and planning if the right level of cyber protection is to be implemented and results achieved. Cyber criminals will pounce where it has the most impact on your business.
At Pro Drive IT, it’s our mission to protect business clients from all types of cyber attack and we offer a variety of blogs, webinars, workshops and training courses to support them.
