The Multi-Tiered Threat of a Data Breach
The financial services industry is a high-value target for both domestic and international adversaries.
Vulnerable systems are susceptible to intrusion. What is a vulnerable system? Well, potentially anything that connects to the internet! Unless there is a physical air gap, it’s vulnerable. There are many reasons why your business could be targeted by cybercriminals.
Kloudwerk has identified a few potential threats to your business, should you find yourself breached and facing liability due to poor cybersecurity systems and processes.
Rather than think of reputational damage from the perspective of a manager or board member, consider how you would perceive your local bank, sporting club, or Amazon account if it were hacked and your personal data stolen.
What kind of data would the cybercriminals now have in their possession about you? Your full name and address? Date of birth? Phone numbers? Credit card details? Next-of-kin details, or perhaps all of your family members’ information?
So, what are cybercriminals likely to do with this stolen data? It is possible that it will find its way onto the Dark Web for sale. The options available to criminals once they hold your personal data are alarming.
The question to now consider is, “can I trust this business/organisation again?” Chances are, unlikely!
This will almost certainly be the question considered by all of your clients should your business experience a data breach. Their judgement may be severe if it appears you have not sought appropriate specialist advice or support in this critical area.
Significant penalties may be imposed if your business is found negligent in the storage and protection of customer data. In the UK, residents’ personal data is protected under the UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.
Depending on the severity of the breach, the Information Commissioner’s Office (ICO), acting under the UK GDPR and DPA 2018, can enforce a permanent ban on data processing, issue a warning, or impose a fine of up to £17.5 million or 4% of your annual global turnover, whichever is greater.
The consequences of action from a regulatory body may be enough to end your enterprise, quite aside from the reputational damage. When you consider the return-on-investment options available in the UK market for cybersecurity consultancy, the decision to act in the interests of business continuity should be a relatively simple one.
We have all heard or read of a local business, a global tech giant such as Microsoft, or even a government agency being held to cyber ransom. What can these businesses, big and small, do in this situation?
Let me tell you a quick story about a business that was recently breached, its data encrypted, and held to a rather large ransom. It was a Wednesday afternoon and a temp secretary was filling in for a sick employee. A client email arrived in the office inbox and the temp worker started to read it.
The client was sending evidence of payment via an attachment and a link embedded in the email. Everything looked correct: the account manager’s name, the goods ordered, and the total paid all appeared valid, including the language, which was friendly and grammatically correct. Indeed, it didn’t have any of the characteristics that would trigger internal alarm bells. The temp opened the link.
The antivirus software didn’t pick up the malicious code, and when the link was activated, all of the business’s systems data was encrypted. Everyone was locked out completely!
The IT department could not decrypt the data and did not even know where to start to fix the problem. For management, the only immediate solution was to pay the ransom: the equivalent of £60,000.
The outcome of this incident is that the business promptly paid the ransom and, very fortunately, the cybercriminals supplied the decryption key. Sometimes they do not.
What did the small business do next? They promptly engaged cybersecurity specialists to ensure their IT department was complemented with cyber-resilient processes and procedures to mitigate any future attacks. Antivirus alone wasn’t going to cut it against sophisticated malicious code.
Trade Secrets Theft – competitive advantage loss
Your Intellectual Property (IP) or Proprietary Information (PI) is something to be held under lock and key, distributed on a need-to-know basis only for commercial opportunities.
What does intellectual property entail? Typically, IP can include copyright material, patents, and trade secrets along with all sorts of sensitive information vital to your business interests.
If you are like most businesses in the 21st century, you use digital storage (likely cloud-based) for sensitive information. How secure is it? Could it stand up against a sophisticated cyber-attack?
The economic advantage of your IP/PI may be directly proportional to the lengths an adversary will go to in order to steal it. How will you ensure it is secured to industry standards? It is important to understand that an IT professional and a cybersecurity professional are different animals who perform very different functions.
In a 2020 survey conducted by Aon, over 53% of costs from cyber incidents related to IP theft (see image below). Has your business conducted a cyber risk assessment regarding your intellectual property?
What can you do?
If you own or manage a small, medium, or large enterprise and are experiencing a live incident, or have been the victim of a cyberattack, the UK National Cyber Security Centre (NCSC) can help you: report the incident to the NCSC.
For further information on cyber incidents, see the NCSC’s guidance.
If your organisation is not clear on the cyber risks, or the solutions, Kloudwerk are here to help you. We fill your security gap by utilising seasoned security professionals in our affordable consulting packages.
– We build an understanding of your organisation
– We develop a roadmap to address key risks
– We help you implement the required changes and keep your business protected on an ongoing basis.
Visit our Cyber Consultancy page for more information.