By Mark Burton, regional managing director at Lloyds Bank Commercial Banking in London and the South
The revolution in communications has transformed the way we live and the way we do business, from shopping online to accessing confidential information on the move.
But it has also put businesses on the front line against a new kind of criminal, one determined to exploit these technologies for their own ends.
Just this year, a number of household names have been targeted by hackers, causing panic for their customers.
The UK National Security Council has even named these cyber-criminals a “tier one” risk to national security, on a par with international terrorists.
They range from lone coders on bedroom PCs, hacking into corporate systems purely for the personal challenge, to sophisticated multinational criminal gangs in global conspiracies to steal valuable data – or even huge quantities of cash.
Whatever the motivation, such attacks can spread quickly, are expensive to resolve, and can leave a permanent stain on a firm’s reputation, forever compromising trust with its customers and suppliers.
In extreme cases, attacks like these can damage a brand so badly it can never recover, so why does it seem some businesses are still not doing enough to identify and address the risks?
The latest research from HP Enterprise Security shows that the average cyber-attack takes businesses 31 days to resolve, costing on average £11,545 a day – that’s a total of more than £350,000.
Meanwhile, the cost of insuring against cyber-crime has also risen, especially for those businesses that are perceived to be high risk, such as those holding confidential data on their customers.
With the issue already costing the UK economy an estimated £27 billion a year, it’s time for business to step up to the growing challenge posed by the cyber crooks.
A risky business?
Cybersecurity isn’t just about being prudent. For any firm with online operations it must now be viewed as a fundamental part of their day-to-day activities.
It’s incumbent on any modern business to ensure they have the right processes in place and that there is sufficient oversight within the organisation.
When drawing up a strategy, some of the key questions businesses should be asking themselves are:
- What information would be most valuable to cyber-criminals?
- Do we have a clear procedure in the event of an attack?
- Who monitors our security and what information about threats do they provide?
- Have our staff received sufficient training about cyber-crime?
Whatever your business, your bank can help you make sure that the company finances are secure, and for e-commerce businesses, can also advise on what steps to take to ensure payments – whether made online or by using new systems such as contactless cards and Apple Pay – are entirely safe.
But cyber-security must be a company-wide concern. Building awareness throughout the business, including at board level, is as essential as installing security architecture and programmes.
This starts with training staff to identify risks and help prevent attacks, such as by ensuring all passwords are strong, regularly updated and properly protected.
Seemingly innocuous emails can harbour damaging malware designed to infect a system and steal information or spy on users without their knowledge, while scam emails asking for unusual payments to be made can appear very convincing.
Some companies are also employing ethical hackers to test their systems, simulating sophisticated attacks to test a company’s readiness.
These ‘poachers turned gamekeepers’ can then help draw up a defence strategy, which many firms find can dramatically improve their chances of resisting an attack.
Unfortunately, while companies must take steps to ensure they are as secure as possible, cyber-criminals are becoming more sophisticated every day, so realistically it may not always be possible to defend against a threat that is constantly evolving.
For that reason, businesses should be suspicious of any unexpected communication, and particularly any request for payments to be made in any way that is outside the company’s standard process.
In this ongoing game of cat and mouse between cyber-criminals and security, companies must also have a robust strategy to mitigate the impact of any successful attack and deal with the fallout.
The need for speed
When an attack does occur, speed is of the essence. If it can be identified within minutes, it may be possible to contain the breach.
But if a breach is not detected promptly and sensitive data is compromised, the impact is likely to be much more severe and result in serious damage to the company’s reputation.
Identity and access management technology could also prove crucial, along with good cyber threat intelligence to warn about emerging risks and suspicious events.
These procedures can inevitably prove costly – but the consequences of failing to act can be far worse.
Last year UK consumers and businesses made more payments with cards and cash transfers than with notes and coins for the first time, while four in five Britons bought something online in 2014, making us the most prolific online shoppers in Europe.
This trend will only continue and any business that does not have the trust of its customers and suppliers will find itself left behind.
Fraudsters and cyber-criminals will always be out to exploit any vulnerabilities they can uncover in corporate systems.
Don’t let yours be next.