4Secure are urging businesses to protect themselves from cyber attacks.
The news headlines in 2020 were, perhaps understandably, dominated by the Coronavirus.
…However, this does not mean it is the sole source of challenges in our world.
2020 tragically saw possibly the first death to be caused directly by a cyber-attack: an attack on a hospital’s IT systems resulted in them being unable to admit a female patient, who later died as a result of the delay and of being diverted elsewhere. In this case, the clinic in Düsseldorf was hit by a ransomware attack that exploited a bug in their VPN system to gain access. The ransomware encrypted critical computer data, resulting in the failure of key IT services and several days of down-time.
There have also been increasingly sophisticated cyber-attacks against a growing number of home and remote workers, using newly issued, or potentially unfamiliar, IT systems as they struggle to cope with the chaos of the pandemic. These attacks have targeted the very tools used to enable access and collaboration including efforts to gain remote access credentials, faked Zoom accounts and social engineering. There is also a reported increase in malicious emails exploiting anxieties related to the pandemic.
What also seems clear is that whilst ‘traditional’ fraud and extortion methods (to gain access to online accounts or deploy ransomware) are still occurring, there is a worrying trend suggesting that organisations directly involved in the response to, or research of, COVID-19 are being targeted by foreign states for the purposes of information collection.
All of this leads to a very sobering conclusion – any organisation, large or small, is a potential target of cyber-attacks that are becoming more sophisticated. You may be reading this and thinking “but I’m not in healthcare” or “we do landscape gardening, why would someone attack us?” but the reality is that every business has assets that need to be protected; your information, your know-how, your bank account details.
And it’s not just cyber-enabled “theft” – in the case of the German hospital, a woman died as a result of a ransomware attack. The vulnerability that was exploited had been known about since December 2019 and remained unpatched. Prosecutors have opened an investigation into the “negligent homicide” as a result.
Imagine if an attacker were to deny you access to your accounting information or your customer database in an effort to extort money from you. It might not be directly life-threatening but could possibly place your entire business at risk of collapse – especially if you cannot afford to pay the ransom.
Prevention is better than cure
So, as with many things in life, being prepared is key. Ensuring your critical IT systems are secure, protected and up to date will, in most cases, defend against almost 80% of common cyber-attacks.
By signing up to the “Cyber Essentials” scheme, businesses can better understand these risks and put into place appropriate technical controls across five key areas.
With a “self-assessment” option starting at a fixed price of £300, Cyber Essentials is cost-effective for any organisation. Each assessment is independently verified to give peace of mind that your defences will protect against the vast majority of attacks. Cyber Essentials PLUS also includes a technical audit of your systems and security controls to provide an enhanced level of confidence.
Forewarned is forearmed
The other crucial line of defence is the staff themselves. As I noted above, remote and home workers are being increasingly targeted because they are perceived to be ‘at risk’. By investing in the cyber-security awareness of your team, you substantially increase their ability to identify, and not fall prey to, scam emails and other malicious activity.
At 4Secure, we help organisations achieve Cyber Essentials and prepare for cyber incidents by educating their staff and putting the right defences and processes in place.
Our entire ethos is built on trust – you can rely on us to give you the right advice and guidance, at the right time, to help solve your data security challenges.
Our virtual Data Protection Officer (vDPO) and virtual Chief Information Security Officer (vCISO) services offer expert level data protection, GDPR-compliance and information security skills “on demand” without increasing headcount.
We also offer additional services including our VEILLANT security monitoring centre, which offers customers 24×7 visibility of network activity, enabling real-time alerting – or a response – as necessary.
If you have questions, we’d always welcome a chat. Feel free to get in touch for a no-obligation discussion if you feel we can help.
Contact us on 0800 043 0101 or email email@example.com