Cyber Security – Are you safe?

Categories: 09 Jan 2018

A recent study has revealed that UK firms are “severely unprepared” for Cyber Attacks – with potential invasions wreaking havoc for IT departments across the nation.

Nearly half of all businesses (46%) reported a cyber breach or attack in the past 12 months*.

*Cyber Security Breaches Survey 2017, Department for Digital, Culture, Media & Sport.

This is reinforced in the findings from the second annual Resilience Report, published by Cyber Security analytics platform RedSeal. By interviewing 600 senior IT decision makers about the cyber challenges they face, RedSeal found the following alarming results:

 

  • 54% of IT teams don’t have the tools and resources they need.
  • 55% can’t react quickly enough to limit damage in the event of a major security incident.
  • Only 20% of teams are extremely confident their organisation will continue running as usual after discovering a cyber breach.

What does this tell us? That IT security teams are struggling to keep up with the current level of cyber terrorism, foreshadowing a virtual epidemic.

So what is Cyber Security?

Cyber security – also often labelled as information technology security – refers to the range of techniques used to protect your networks, programmes, hardware, software and data from a harmful attack by an external source.

Are there Different Types of Cyber Security Incidents?

The source is the main distinguishing feature between types of Cyber Security incidents. These invasions can range from a minor phishing email, instigated by a solo attacker, to a global, organised crime unit looking to dissolve a major organisation. Both ends of the spectrum are, however, similar in their ability to drastically impact the running of your business.

How can businesses defend themselves from such Cyber Terrorism?

Cyber-attacks are most often composed of four stages: Survey, Delivery, Breach and Affect.

  1. Survey – investigating and analysing available information about the target in order to identify potential vulnerabilities. Tactic: Educate users.
  2. Delivery – getting to the point in a system where a vulnerability can be exploited. Tactic: Create adequate security controls.
  3. Breach – exploiting the vulnerability/vulnerabilities to gain some form of unauthorised access. Tactic: Maintain adequate security controls.
  4. Affect – carrying out activities within a system that achieve the attacker’s goal. Tactic: Implement Incident Response Plan (IRP).

There are, however, various types of cyber security which can be employed at each of these stages to deflect such an attack and dramatically reduce its impact. These tactics are listed against each stage above.

If your attacker has managed to bypass previous tactics, which is rare but a possibility, then their mechanisms are clearly sophisticated. It is now important to follow your Incident Response Plan – a procedure which should dictate how to minimize the impact of the invasion, rectify and clean up the affected systems and get the business back up and running in as smooth a manner as possible.

CREST suggest this IRP should consist of the following 10 steps:

[Figure: CREST 10 Steps]

I am a small business, should Cyber Security be a priority of mine?

If you’re a small or medium-sized enterprise (SME) then there’s around a 50% chance that you’ll experience a cyber-attack. For your small business, that could result in costs of around £1,400*.

Furthermore, from May 2018, there’s the possibility of increased fines if you fail to meet the requirements of the new General Data Protection Regulation (GDPR). These fines can reach a maximum of €80,000.

Can your small business afford that? If the answer is no, then we highly suggest that you make cyber security a priority.

*National Cyber Security Centre 2017.

Where do I go from here?

It is now more important than ever to ensure your business is secure from an onslaught of virtual attacks.