Staying Secure in a Digital Age
Cybersecurity may not appear as urgent as the climate emergency, but, in reality, it is. Without constant awareness of the cyber threat, your business can find ESG and other goals so easily undermined.
The threat landscape becomes ever more complex, with an increasing number of devices and systems connected to the internet and more data being generated and shared. This constant growth in ‘attack surface’ creates more opportunities for attackers to steal sensitive information or disrupt operations.
- In the UK alone, the cost of cybercrime was £3.1 billion in 2022 (National Fraud Intelligence Bureau).
- The UK had the highest number of cybercrime victims per million internet users in 2022, up 40% from 2020 (SurfShark Cybercrime statistics 2022).
- Global attacks increased by 28% in the third quarter of 2022 compared to same period in 2021 (Check Point).
- There were 153 million new malware samples detected from March 2021 to February 2022 (AV-Test).
Battle for AI
A major trend is the increasing use of artificial intelligence (AI) and machine learning (ML). Many companies are using these technologies to analyse large volumes of data, identify patterns and anomalies, and take automated actions to prevent or mitigate attacks.
However, threat actors (the people behind cyber-attacks, whether they be criminals, nation-states or curious teenagers) are also taking advantage of AI and ML tools to improve their attacks.
Losses from phishing attacks significantly dwarf losses from all other cybercrime categories. Advanced chatbots can now be deployed to compose realistic phishing emails that are “weirdly human” (Wired). In 2019 criminals used AI to impersonate a chief executive’s voice and demand a fraudulent transfer of €220,000 (Wall Street Journal).
As many as 43% of all security breaches are insider threats, either intentional or unintentional (Ponemon Institute 2022).
Research conducted by risk solutions provider Kroll in 2018 found that 88% of data breaches were caused by human error — the most common of which were sending sensitive data to the wrong recipient, the loss or theft of paperwork, forgetting to redact data, and storing information in an insecure location.
One of the most common ways cyber criminals get access to your data is through your employees. They’ll send fraudulent emails impersonating someone in your organisation and will either ask for personal details or for access to certain files.
- Enforce multi-factor authentication (MFA) for all online accounts.
- Train your staff on cyber-attack prevention and inform them of current cyber-attacks.
- Keep systems and software fully up to date.
- Maintain a firewall and ensure IT devices such as mobiles) protection.
- Physical security matters. An office intruder can plug a rogue USB key into your network and infect it.
- Wi-fi networks must be secure and hidden to prevent devices connecting to your network.
- Separate log-ins for all employees will reduce the attack fronts in your network.
- Manage your admin rights to minimise employees installing or accessing certain data.
- Personal data protected. If hackers can obtain personal information regarding your employees or customers, they are quite capable of selling it on or even using it to steal their money.
- Productivity improved. Full digital security allows your employees to surf the internet as and when they need, and ensure that they aren’t at risk from potential threats. Viruses can also slow down personal computers to a crawl, cause a lot of wasted time for your employees, and even bring your entire business to a standstill.
- Website secured. An infected system can force a website to close down. This would mean losing money from missed transactions, losing customer trust, and risking lasting damage to your system.
- Customers assured. If you can prove that your business is effectively protected against all kinds of cyber threats, you can inspire trust in your customers and clients.
“Ignore cyber security at your peril. Businesses that fail to implement effective security measures and continuously update their defences will inevitably fall victim to devastating cyber-attacks.
“Don't wait for disaster to strike, take immediate action by maintaining good basic cyber hygiene, such as strengthening device security, educating employees on identifying threats, and having a robust incident response plan in place to mitigate the damage of any successful attacks. The future of your business depends on it."
Graham Thomson – Chief Information Security Officer