The Multi-Tiered Threat of a Data Breach

The financial services industry is a high-value target for domestic and international adversaries.

Vulnerable systems are susceptible to intrusion. What is a vulnerable system? Well, potentially anything that connects to the internet! Unless there is a physical airgap, it’s vulnerable. There are many reasons why your business could be targeted by cybercriminals.

Kloudwerk identified a few potential threats to your business, should you find yourself breached and facing liability due to poor cybersecurity systems and processes.

Reputation 

Rather than thinking of reputational damage from the perspective of a manager or board member, consider how you would perceive your local bank, sporting club, or Amazon account being hacked and your personal data stolen.

What kind of data would the cybercriminals now have in their possession about you? Your full name and address? Date of birth? Phone numbers? Credit card details? Next of kin details, or perhaps all your family members’ information?

So, what are cybercriminals likely to do with this stolen data? It is possible that it will find its way onto the Dark Web for sale. The options available to criminals regarding your personal data are alarming.

The question to now consider is, “Can I trust this business/organisation again?” Chances are, unlikely!

This will almost certainly be the question considered by all your clients should your business experience a data breach. Their judgement may be severe if it appears you have not looked for appropriate specialist advice or support in this critical area.   

Regulatory Authorities 

Significant penalties may be imposed if your business is found negligent in the storage and protection of customer data. In the UK, residents’ personal data is protected under the UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018. 

Depending on the level of breach, the Information Commissioner’s Office (ICO), acting under the UK GDPR and DPA 2018, can enforce a permanent ban on data processing, issue a warning, or impose a fine of up to £17.5 million or 4% of your annual global turnover, whichever is greater.

The consequences of action from a regulatory body may be enough to end your enterprise, quite aside from the reputational damage. When you consider the return-on-investment options available in the UK market for cybersecurity consultancy, the decision to act in the interests of business continuity should be a relatively simple one. 

Source: https://www.itgovernance.co.uk/dpa-and-gdpr-penalties

Ransom

We have all heard or read of a local business, a global tech giant, such as Microsoft, or even a government agency, being held to cyber ransom. What can these businesses, big and small, do in this situation? 

Let me tell you a quick story about a business that was recently breached, their data encrypted, and held to a rather large ransom. It was a Wednesday afternoon and a temp secretary was filling in for a sick employee. A client email arrived in the office inbox and the temp worker started to read it. 

The client was sending evidence of payment via an attachment and link that was embedded within the email. Everything looked correct, the account manager’s name, the goods ordered, and total paid all appeared valid, including the language – it was very friendly and grammatically correct. Indeed, it didn’t have any of the characteristics that would trigger internal alarm bells. The temp opened the link. 

The antivirus software didn’t pick up the malicious code, and when the link was activated, all of the business’s systems data was encrypted – everyone was locked out completely!

The IT department could not decrypt the data, or even work out where to start fixing the problem. For management, the only immediate solution was to pay the ransom – the equivalent of £60,000.

The outcome of this incident is that the business promptly paid the ransom and, very fortunately, the cybercriminals supplied the decryption key. Sometimes they do not.  

What did the small business do next? They promptly engaged cybersecurity specialists to ensure their IT department was complemented with cyber resilient processes and procedures to mitigate any future attacks. Antivirus wasn’t going to cut it against sophisticated malicious code. 

Trade Secrets Theft – competitive advantage loss 

Your Intellectual Property (IP) or Proprietary Information (PI) is something to be held under lock and key, distributed on a need-to-know basis only for commercial opportunities.  

What does intellectual property entail? Typically, IP can include copyright material, patents, and trade secrets along with all sorts of sensitive information vital to your business interests. 

If you are like most businesses in the 21st century, you use digital storage (likely cloud-based) for sensitive information. How secure is it? Could it stand up against a sophisticated cyber-attack? 

The economic advantage of your IP/PI may be directly proportional to the lengths an adversary will go to in order to steal it. How will you ensure it is secured to industry standards? It is important to understand that an IT professional and a cybersecurity professional are different animals who perform very different functions.

In a 2020 survey conducted by Aon, over 53% of costs from cyber incidents related to IP theft (see image below).  Has your business conducted a cyber risk assessment regarding your intellectual property?  


Source: Financial Impact of Intellectual Property 

What can you do? 

If you own or manage a small, medium, or large enterprise and are experiencing a live incident, or have been the victim of a cyberattack, the UK National Cyber Security Centre (NCSC) can help you – Report.

For further information on cyber incidents from the NCSC, click here.

If your organisation is not clear on the cyber risks, or the solutions, Kloudwerk are here to help you. We fill your security gap by utilising seasoned security professionals in our affordable consulting packages.

– We build an understanding of your organisation
– We develop a roadmap to address key risks
– We help you implement the required changes and keep your business protected on an ongoing basis. 

Visit our Cyber Consultancy page for more information
