Cyber Security: Staying secure in a digital age

The cost of cyber security in the UK was a staggering £3.1 billion in 2022 according to the National Fraud Intelligence Bureau. On a global level, attacks in Q3 2022 were 28% higher than the same period in 2021, and according to the latest SurfShark Cybercrime statistics, the UK in 2022 had the highest number of cybercrime victims per million internet users.

With such disturbing and worrying statistics, it’s clear that organisations in the UK ignore cyber security at their peril.

Dangers

Loss of data can cause significant business disruption and a breach of data can result in fines and damage to your customers as well as your reputation in the market.

An infected system can also force a website to close which could mean losing money from missed transactions, losing customer trust, and risking lasting damage to your system.

On the other hand, if you can prove that your business is effectively protected against all kinds of cyber threats, you can inspire trust in your customers and clients. It’s worth remembering that ensuring the security of your systems and the privacy of your customers’ data is a critical part of being a responsible business and ensuring trust from all stakeholders.

Not only will personal information regarding your employees or customers be safe, but an organisation that takes cyber security threats seriously will also most likely that you’ll benefit from improved productivity.

Full digital security allows your employees to surf the internet as and when they need and ensure that they aren’t at risk from potential threats. Viruses can also slow down personal computers to a crawl, cause a lot of wasted time for your employees, and even bring your entire business to a standstill.

The threat of AI

With the increasing variety and sophistication of cyber threats, your systems need to be reviewed constantly and kept up to date with the latest preventative measures.

A major trend, for example, is the increasing use of artificial intelligence (AI) and machine learning (ML). Many companies are using these technologies to analyse large volumes of data, identify patterns and anomalies, and take automated actions to prevent or mitigate attacks.

However, threat actors (the people behind cyber-attacks) are also taking advantage of AI and ML tools to improve their attacks. Losses from phishing attacks significantly dwarf losses from all other cybercrime categories and advanced chatbots can now be deployed to compose realistic phishing emails.

Taking action

According to the Ponemon Institute as many as 43% of all security breaches are insider threats, either intentional or unintentional.

Research conducted by risk solutions provider Kroll in 2018 found that 88% of data breaches were caused by human error — the most common of which were sending sensitive data to the wrong recipient, the loss or theft of paperwork, forgetting to redact data, and storing information in an insecure location.

One of the most common ways cyber criminals get access to your data is through your employees. They’ll send fraudulent emails impersonating someone in your organisation and will either ask for personal details or for access to certain files.

It is vital therefore that when looking to protect your organisation from cyber threats to train your staff on cyber-attack prevention and inform them of current types of attack.

Other things that you can do are:

• Enforce multi-factor authentication (MFA) for all online accounts.
• Keep systems and software fully up to date.
• Maintain a network firewall and ensure IT devices, includes mobile phones, are protected.
• Physical security matters. An office intruder can plug a rogue computer into your network and infect it.
• Separate log-ins for all employees will reduce the attack fronts in your network.
• Manage your admin rights to minimise employees installing software and accessing sensitive data.

Summary

My advice is very straightforward. Don't wait for disaster to strike, take immediate action by maintaining good basic cyber hygiene, such as strengthening device security, educating employees on identifying threats, and having a robust incident response plan in place to mitigate the damage of any successful attacks.

The future of your business depends on it.

How we can help

As part of its ESG offering to clients, Irwin Mitchell has launched a Cyber Security Health Check. The service involves specialists from our cyber team conducting a comprehensive audit of an organisations cyber-security covering 15 risk areas, including a check of the organisation's real-world digital footprint and cyber-risk exposure. For further details visit our website here

Graham Thomson is Irwin Mitchell’s Chief Information Security Officer