Cyber Attacks And Ways To Prevent Them
Cyber-attacks are a clear and present danger. Said to be the “fastest growing crime”, the damages incurred due to cybercrimes are expected to reach £6 trillion per annum by 2021!
In the UK, according to a survey by DCMS, £1,570 is the average cost incurred with a single cyber-attack, with bigger companies incurring £19,600. Consequently, the expenses on cybersecurity products are slated to go up to £1 trillion in the next five years, from the current $80 billion. Cybercrimes are also predicted to triple the jobs in cyber-security in the coming years.
The damages due to ransomware have seen a fifteen-fold increase in the two years since 2015 and are expected to cost more than £5 billion in 2017.
The DCMS report in the UK also identified fraudulent emails as the top mode of attack. The recent attack on Parliament, with more than 90 emails being affected, is a case in point. According to a private cyber security statistics website, malware was the top security threat in April of 2017, with 24.7% of all cybercrimes originating from it. The other major threats came from account hijacking and targeted attacks, but 21% of the crimes came from unknown sources, according to this private website.
Among the targets, the software industry was the worst hit, followed by single individuals and government bodies. In the UK alone, 50% of firms were affected by cyber attacks in 2016, with the government stating that a “sizeable” number of businesses do not have the required security systems in place.
Cyber insurance is one of the major focus areas for industries. According to the Hiscox Cyber Readiness Report, 36% of respondents in the UK had taken cyber insurance, which is a low figure when compared to 56% in the US. The survey also highlights that a higher percentage of bigger firms have taken cyber insurance as compared to smaller ones.
Additional measures that have been mooted by experts and preferred increasingly by industries include employee training to recognize and prevent attacks, risk assessments, preventive software or hardware and constant updating of threat intelligence.
The defence against cyber-attacks needs to factor in a multi-layered approach rather than be ad hoc and limited to the IT department. Experts recommend the following measures to tackle and prevent cyber-attacks in industries.
Development of a policy: Businesses need to have a formal security policy in place with defined procedures and structures. The policy needs to be developed in extensive collaboration between the IT team and business owners. A survey of more than 3000 key executives and IT heads revealed that only 40% of small businesses have a budgeting process and strategy for cyber security, according to the Hiscox Cyber Readiness Report 2017. Tracking the metrics, including the return on investment, and having relevant security data available are key focus areas for businesses. Guidelines have to be developed, which then need to percolate down to all levels in a business enterprise.
Management’s role: The security planning has to begin at the executive and board level with the top management. Only 55% of respondents in a survey said the top management was involved in setting up cyber security. This will facilitate appropriate decision making and the evolution of clear-cut policies.
Investing in training: With the top cyber security threats coming from fraudulent emails and malware, it is clear businesses need to invest in training of employees at all levels. Experts believe training can effectively reduce the number of attacks. The performance evaluation criteria should include competence in cyber security for the relevant personnel, and this is the role that a human resource department can play.
Up to date technology: Watertight encryption and authentication are a must for every organisation, according to experts.