Cyber risk is now a major threat to businesses. With digital technologies, devices and media, the way we conduct our business has changed, and companies now face new exposures which can materially impact their operations.
Hackers are indiscriminately choosing their victims. It’s not a matter of who they are targeting but what they are targeting: your money and data.
It won’t happen to my business...
All types and sizes of organisations are at risk, not only high profile names which make the headlines.
Cyber crime is on the rise and small businesses are increasingly becoming the target of hackers due to their lack of cyber security budget.
Symantec’s 2016 Internet Security Report shows that small businesses have become a big target for phishers. Last year, phishing campaigns targeted small businesses 43% of the time.
Symantec reports that 1 in 40 small businesses are at risk of being the victim of a cyber crime.
That pales in comparison to the 1 in 2 large businesses which are targeted every year, multiple times, with a cyber attack.
How does a cyber attack affect my business?
A cyber attack or cyber incident can have operational and regulatory consequences, including:
- loss of critical data
- loss of customers due to their personal information being stolen
- theft and extortion
- adverse media coverage/damage to reputation
- loss of trade secrets/confidential information
- negative impact on share price
- business interruption and loss of profits
- restoration and remediation costs to restore the network
- regulatory actions and associated fines and penalties
- legal actions against Directors & Officers
How Can I Manage These Risks?
There is no silver bullet solution for cyber security. It is a complex risk in a forever-changing environment. A robust risk management approach is the best way to reduce the severity of a cyber attack when it happens.
Plan & Prepare:
- Assign primary responsibility for incident response in your organisation, have monitoring in place to assess the environment for cyber security threats, identify critical systems and understand what type of support your IT service providers offer. Put in place a business continuity and incident response plan and review it at regular intervals.
- Educate and train staff on data management policies, privacy protection and how to handle suspect emails.
Assess how quickly you can access the resources key to mitigating an incident, and ensure you have the ability to identify and isolate an affected workstation or server.
Understand your legislative requirements and obligations for incident reporting and have procedures in place to provide information and reporting to relevant parties during an incident under the new mandatory breach notification legislation.