If you’re not already a target – the odds are that you soon will be
Cybercrime is big business – the average cost to a business of an attack on a UK corporate target in 2019 is about £190,000, according to a recent survey carried out by an insurance company. And in case you imagine that a cyberattack is something that only happens to other people, you should think again. The same survey revealed that 55% of firms had already faced an attack in 2019 – a rise of 15% from the previous year, and according to the World Economic Forum, “74% of the world’s businesses can expect to be hacked in the coming year”.
The traditional Scout motto of “Be Prepared” would therefore seem to be an appropriate one to adopt in this regard, but along with US organisations, UK firms don’t appear to be following this advice. Less is spent on the enhancement of cybersecurity than in many other countries, and there is typically a lack of pre-assigned responsibilities in the event of a breach or incident being detected.
John Douglas, Technical Director at First Response, points out that “very few organisations have the technical skills in-house to deal with sophisticated multi-tier attacks, and often the well-intentioned but clumsy responses by server teams under pressure to resolve the issue will simply tip off the attacker and drive them deeper into the network.”
It also is a mistake, claims the head of Cyber at Hiscox insurance, to feel that one’s organisation will not be targeted. He puts this down to the fact that “we tend to only read about large breaches in the press” and therefore it is generally assumed that only large companies will be targeted by the cybercrooks. This is far from being the case.
Smaller companies are also vulnerable – maybe a ransomware attack on a SME where vital corporate files are encrypted and ransom demanded for their decryption will not bring as much money for the attackers as an attack on a major international institution, but it is still a profitable line of business for the criminals, and is probably easier for them to mount.
Attacks may come in many forms, by many different routes, with social engineering or ‘phishing’ emails being a common way of introducing the malware. It is important to be able to recognise these vectors, and to keep all staff aware of them, and to respond appropriately to their occurrence.
At First Response, our experienced team of Incident Response Specialists can work with you to develop a Cyber Incident Response Plan (CIRP). This assigns and develops the roles and responsibilities within your organisation in response to a cyberattack, and acts proactively to identify and eliminate any weak spots in your cyber defences. With the introduction of the GDPR, it is also necessary to have up-to-date accurate documentation on breach monitoring, detection and reporting, and our teams can help develop and maintain this.
With such a pre-arranged plan, which includes the 24/7 on-call services of your assigned First Response Incident Response specialist, who can provide guidance and advice, the disruption caused by a cyberattack, together with the associated costs, can be greatly reduced, allowing your business or organisation to continue running smoothly.
First Response also provide 24/7 security monitoring and management services which can be tailored to your specific requirements and environment, call our specialists now to discuss your needs.
Click here to read our article on extended detection & response platforms and how they can help mitigate the damage caused by ransomware.