A recent report from Risk Based Security shows that more than 3,800 publicly disclosed cyber-breaches occurred globally in the first six months of 2019, exposing a staggering 4.1 billion data records.
These figures are frightening enough in isolation, but worse when you learn that both have risen by more 50% over the last 12 months.
And these were just the reported incidents.
It can happen to anyone
The cases recorded by Risk Based Security involved businesses of all sizes, across a wide range of industries. We might hear more in the media about attacks on world-reaching multinationals, but that’s only because they’re more newsworthy – in reality, we’re all at risk.
More data, this time from Internet Service Provider Beaming, shows that 63% of small businesses in the UK suffered cyber attacks in 2017, at an average cost of £65,000 per victim – that added up to £13.6 billion across the year.
Identifying vulnerabilities and threats
The first step in tackling cyber crime is to understand what makes an organisation vulnerable, and experts typically point to two main things:
Outdated systems: Cyber criminals are evolving fast and so should you. IT systems should be updated regularly to make use of the latest security patches – this will happen automatically on all the major operating systems, but it’s not always a given with software from lesser-known providers.
Poorly trained staff: A 2018 report from Verizon showed that 90% of all malware finds its way into businesses via email. All it takes is for one employee to get fooled by a fraudulent email and to click a harmful link.
UK businesses are attacked once every minute. While you can’t avoid these attempts, you can do more to stop the attackers getting through.
Prevention begins with updates and education. Your IT team and any tech suppliers you use should be on top of the latest trends in cyber security, and regular patches and tests are imperative.
Next, train all staff about the risks and threats posed by cyber criminals – make sure they understand what’s at stake and what steps they can take to avoid becoming a weak link. If you can’t do this in-house, consider enlisting a dedicated cyber security training provider.
You’ll also find external help in the form of cybersecurity auditors and specialist insurance companies – the former will help you identify vulnerabilities while the latter will minimise financial impact should you fall victim.
Building a culture of cyber-awareness
Training existing staff isn’t the only way to build a cyber-aware culture within your business – it’s something that must be considered during recruitment too.
Your IT staff should of course be fully adept with cyber security matters, and candidates for roles in other areas of the business also need a certain level of understanding. Include basic awareness and tests as part of your hiring process to ensure you’re not making your business more susceptible when bringing new people on board.
For help expanding your cyber-aware workforce, and in building a formidable team of cyber-security experts, get in touch.