The 2018 WannaCry ransomware attack on the NHS, which should have been totally preventable, cost the organisation a staggering £92 million. The Members of Parliament report on the incident revealed that all of the 200 NHS hospitals and trusts investigated failed cybersecurity checks.
But it is not only large public institutions such as the NHS that are putting themselves at risk with poor cybersecurity strategies. Many businesses and individuals are doing the same, particularly during the mass migration to remote working forced by the coronavirus crisis.
The Centre for Economics and Business Research (CEBR) has estimated that cyberattack costs for businesses run at around £34 billion, which includes the costs of revenue and intellectual property loss, and the costs of increasing cybersecurity.
On top of this comes the financial burden of regulatory fines for failing to adhere to cybersecurity mandates, as British Airways discovered when they fell foul of GDPR and were subject to fines of £183 million.
Many small businesses may think that they will not be noticed or targeted by cybercriminals, but it is this assumption, together with the failure to develop and implement appropriate cybersecurity defences, that can make a small business a prime target.
Security provider Carbon Black has stated that 88 per cent of UK companies have been victim to a data breach in the past 12 months, which proves that it is now not ‘if’ a cyberattack occurs, but ‘when’.
When it does happen, some small businesses may never financially recover from the attack, and be forced to close their doors.
The incredibly high costs of repairing the damage from a cyberattack surely provide a sound argument for investing in preventative cybersecurity measures and developing a sound cybersecurity strategy.
We have some actionable ways for UK companies to help mitigate the risks and improve their cyber defences.
Employee Education & Ongoing Training
Criminals are always ready to take advantage of weaknesses in a system, particularly those caused by human error, to launch their attacks. The pandemic has seen a rise in phishing attacks that use an employee to gain access to a company’s systems.
While the majority of employees are aware of such scams and the dangers of clicking on links in emails, they are not as cautious as they should be.
The latest social engineering cyberattacks are far more sophisticated and well removed from the old Nigerian general and his offer of a few million dollars. Companies must run regular cybersecurity workshops for all employees. Training also needs to be updated as soon as the company’s systems or procedures change.
Workers must realise that cybersecurity is everyone’s duty, not just that of the company IT department.
Testing & Checks
Firms should also invest in third-party cybersecurity experts to carry out penetration testing and check for vulnerabilities in the company’s network and systems. This is of particular relevance to e-commerce companies that deal with payment portals, and companies that handle large amounts of sensitive client data.
The cost of being a victim of cybercrime can be very high. To mitigate the risks and the financial burden, it’s vital to take cybersecurity very seriously.