BUSINESSES are facing an ever-increasing cyber threat, but the majority have no idea how to protect themselves or even how to recognise an attack on their company.
UK businesses of all sizes reported a 22 per cent increase in cyber crime in the past year alone, resulting in more than £1 billion in losses. Half a billion personal records were lost or stolen. Just last month we saw a large-scale DDoS attack causing major outages for Twitter, Spotify, SoundCloud and more.
Publicity around incidents of cyber crime and security breaches has been heightened and there is a greater public awareness of possible financial loss and risk of compromised privacy, but recognising the risk and dealing with the risk are two completely different things.
Loading article content
Polly Purvis is chief executive of ScotlandIS. She says the financial and reputational cost of lost data, of having your systems hacked, of falling foul of scammers is significant, and she warns that hackers are becoming “increasingly sophisticated”.
“It is a real challenge to keep on top of the latest developments. Sharing information across security agencies, and through business associations, and other groups is important in keeping everyone up to date.
“With the increasing roll out of the ‘Internet of things’ with ‘smart’ devices for example in our homes, at work and in transport – makes implementing good security practices even more important.
“And the increasing effort being made by unfriendly hackers, criminals and governments of other countries to disrupt, damage and infiltrate technology systems means that the threat is potentially enormous. Which is why we all need to put in place sensible procedures to ensure we are as protected as we can be.”
So what are “sensible procedures”? What can businesses do to protect themselves from a cyber attack?
Well, since 2012 the advice from governments in the UK and the US is to assume you are already under attack and further to assume that your defences have already been breached. You should make your staff aware of the risks out there and have clear cyber protocols in place to help them to avoid getting you and them into hot water.
Stuart Macdonald is MD of Seric Systems and specialises in cyber security. He says the threat to Scottish businesses is “massive and underreported”. He said: “Eighty per cent of our security customers come to us through panic rather than planning and I wish that wasn’t the case.”
He points to information sites like cyberstreetwise, for those needing the ABCs of Cyber, to programmes such as Cyber Essentials and Cyber Essentials Plus. These programmes put best practice advice into place and test it with a third party.
“Currently, Scottish Enterprise has 100 per cent grants available for SMEs wanting to put Cyber Essentials in place. However, this grant funding runs out in January 2017, so I would urge businesses in Scotland of any size not to let this funding slip through their fingers, but to go through Cyber Essentials now and make their businesses more cyber resilient,” said Macdonald.