To help combat the rising cybercrime rates, the UK Government launched its Cyber Essentials programme in 2014 to give companies a framework and tools to help protect their businesses and systems. Companies can gain basic certification by implementing key processes in five core areas and verifying them through the submission of a self-declaration. In fact, it has made Cyber Essential certification mandatory for suppliers bidding for government contracts to show that they not only take the subject seriously but that they are also protected against the most prevalent threats.
Why is Cyber Essentials essential?
Cybercrime is costing the global economy millions and, at a time when economic activity is virtually dependent on the internet, cybercrime is now so prevalent, Americans are actually beginning to curtail the amount of time they spend online. Security has become one of the most vital of the cyber essentials, but the specialists are being hampered by the lax attitude of users.
At a cybersecurity conference in Las Vegas last week, delegates were told that many cybercriminals are now concentrating on a scam that is becoming increasingly profitable, by capturing business data and ransoming it back to companies. The average ransom paid last year was $300; this year it is $679 and rising. The reason why companies are paying the ransom is because without adequate backups, it’s easier and quicker for them to pay the criminals than try to get their systems up and running again.
Who is to blame?
The basic answer is, us. We are the ones that don’t back up our systems religiously, who are happy to click on unknown links on the promise of juicy information or a bargain. We are even happy to pick up a random USB stick in the street and open it on our computers.
What people seem to be unable to get their heads around is that everyone is being targeted all the time. It is now no longer about if you are going to get hacked, rather when. So vigilance is needed at all times.
The logic behind cyber security is astoundingly simple – keeping your staff and data safe and the bad guys out. If you don’t, you will damage your reputation, lose business, lose data and lose money. The figures make sobering reading – 98% of tested web apps are vulnerable to attack; 65% of large UK companies are targeted by cyber criminals; 25% of companies are breached at least once a month; the average cost of a breach is £36,500; 93% of Data Protection Act breaches are caused by human error.
How can your business tackle the scale of cybercrime?
Ensuring your company is protected isn’t just about having the right firewalls and malware protection, it also requires common sense:
In a 2015 study, PwC discovered the extent of the problem: 75% of company directors were not involved in the review of cyber security risks; only 48% of businesses have recommended measures in place; and only 12% of small businesses undertake any kind of staff cyber security training. It makes grim reading, but can we blame them? The majority of companies are spending their resources doing what they are best at – running their business. The best way forward for company directors who think they have too little time to make sure adequate steps are in place to protect their businesses, or have no inclination to do so, is to outsource the task to a specialist managed services provider.
A good company will take all the cyber-weight onto their own shoulders so businesses can concentrate on what they’re good at, without the nagging worry that they are leaving themselves open to attack. The costs involved will be a lot cheaper than trying to save the business in the event of a major breach, and with none of the damaging interruptions in trading or to carefully built up reputations.