Cyber & information security training is a key tool in defending your business, but before we look at that let’s look at the threats facing you…
Whether you’re new to running a business, new to your role, or you’ve been in business for a while and you’re starting to focus on cyber security for the first time, you may have already discovered your first challenge – where to start?
You’ve no doubt heard of common types of cyber threats such as Phishing or Ransomware. These types of threats and the sometimes devastating results feature regularly in the mainstream media when larger organisations we’ve often heard of suffer attacks. But what about your business, your customers, your data? Are you at risk?
Businesses today are facing more frequent, more sophisticated, and more targeted attacks than ever before.
The Government Department for Digital, Culture, Media & Sport released the latest Cyber Security Breaches Survey (link) in March 2021. According to the survey, around 40% of all UK businesses have identified an attack or breach in the past 12 months. This is based on the number of identified attacks or breaches, it becomes more alarming still when we think about the attacks or breaches that were not picked up or identified.
If you’re thinking these figures are inflated by the ‘big target’ enterprises, you may want to take a closer look. Yes, the proportion of larger businesses reporting attacks and breaches is higher- up to 65%. In reality, the types of threat faced and the frequency of attack Is likely to be roughly the same whether you are a large or small business.
‘Phishing’ is becoming the most common form of attack by far with 83% of attacks being identified as such and typically- specific targeted attacks aside- these are sent out by the attacker far and wide, in a ‘scattergun’ approach that does not discriminate based on the size of your business.
So the bad news is that if you use email, you are just at risk as a micro-business as you are an Enterprise. The good news is however, that to defend against the vast majority of phishing attacks you don’t need a huge budget, or dedicated security teams or expensive technology- the most effective form of defence against phishing is awareness and education. According to the survey nearly two-thirds of identified attacks were picked up after members of staff raising the alarm. Making your staff aware of threats, what to look for and what to do (or not to do, which is possibly more important!) if they receive anything suspicious, costs your business relatively little but could save a lot- potentially even the business itself.
Thankfully, UK Businesses are getting better at preparing for and recovering faster from attacks.
The majority of businesses affected by a breach or an attack are able to recover much quicker now than when the survey first measured this time in 2017. 90% say they were able to fully recover from a significant breach within 24 hours, but more impressive than this is that now 72% of businesses were able to recover almost instantly- up from just 57% in 2017.
Preparation is key- knowing your risks, backing up your data, implementing well-versed procedures can all aid fast recovery. Even for small businesses and start-ups where security may not be at the forefront of your thinking, or where you may not have the expertise required in-house to effectively analyse and mitigate your risks, don’t ignore it- there are organisations and government entities like NCSC that exist entirely to help businesses like yours plan for and defend against Cyber threats.
As most data nowadays is captured, processed, stored and exchanged electronically, the issues affecting UK businesses are most often the direct result of some kind of security incident and represent what is commonly referred to as a “data breach”. A data breach can be broadly described as a compromise of either the Confidentiality, Integrity or Availability of data. This can come about in a number of ways such as Ransomware.
Ransomware is still on the rise. Not only that, but concerningly success rates seem to be up. This is not only in terms of the abilities of the Ransomware groups to infiltrate the networks of large, successful and (you might think) well protected companies, but also in terms of increasing likelihood that the victim company will actually pay the ransom.
There are many things an organisation can do in terms of systems, IT infrastructure and software solutions to mitigate the chances of becoming infected by Ransomware, however we would always encourage the covering of basics such as maintaining regular backups of your most important files and data right across your business. Alongside this, one of the most prudent approaches is to defend your business and data in as much depth as possible, making it harder for what does infiltrate your systems to access what is being targeted.
It’s a fact that each business is unique in terms of the cyber risks they face, so preparation is ever more important. Ensuring that your investment is not only in new capabilities, but also in your people will give you some of the best chances of limiting the impact of these two prolific cyber threats.
Our cyber & information security training courses covering Staff Awareness and Training for Business Owners & Leaders could be a great starting point, and for those of you further on in your Cyber Security Maturity we have a range of more focused courses.
With a combination of public courses where attendees will be from a range of organisations, and bespoke solutions for your business, we are experienced in ensuring that what we deliver suits the needs of your business.
We are focused on providing cyber & information security training that also brings personal benefits to individual attendees in their broader lives and not just in the workplace. We do not deliver a standard CBT session or something general, which might feel like a tick box exercise for the business and attendee, we ensure that we are linking the training with your specific process and policies.