2015 has seen many high profile cyber-attacks on well established companies and business across the globe. One of the biggest attacks, against Sony Entertainment at the back end of 2014, has recently been in the news again due to the $8 million settlement that has been agreed with regard to compensating affected employees. The $8 million figure is just a small part of what this large scale attack would have cost the business, with estimates ranging from $35 million up to $100 million.
Other attacks that have made front page news this year include the data breach on Ashley Madison, the online dating website that encourages people to have affairs. This attack is believed to have seen over 11 million different user’s data compromised – data that included bank account information alongside some slightly more embarrassing information in line with the service Ashley Madison provided. In the UK, Carphone Warehouse, the largest high street mobile phone retailer in Britain, suffered what they described as a ‘sophisticated cyber-attack’ in August 2015. This attack saw the personal details of approximately 2.4 million customers accessed by hackers. This data included bank account details, home addresses, names and dates of birth.
There currently seems to be more focused and highly sophisticated cyber-attacks taking place, including against a number of very high profile businesses. This should act as a wakeup call for a lot of companies in terms of making sure their cyber security is up to date and as strong as it can be – cyber-attacks are unpredictable and businesses are always at risk of it happening to them. So, just how much of an issue are cyber-attacks and how can you ensure that your security processes are strong enough to withstand an attack.
The cost of cyber-attacks
The story surrounding the cost attached to the Sony following their attack last year is a stark reminder to businesses of all sizes of the potential financial cost caused by cyber-attacks. It is estimated that the average cost to a large organisation following a bad security breach was between £600k to £1.15 million, this reduced to between £65k and £115k for small businesses. These incurred costs had doubled on 2013’s figures and show how the impact is growing ever greater.
Couple the above with the fact that 24% of large organisations reported that an outsider had penetrated their network in 2014 then you start to develop a picture of the ongoing threat and the potential cost each attack costs. You have to remember that the majority of cyber-attacks stay under the radar and it is only when there are successful attacks on household name, or industry leading firms that it makes the news. Just because there has not been details of a major hack on the news for a few months does not mean they have suddenly stopped – indeed the average cyber security breaches for a large organisation in the UK was 16 last year, more than one per month.
How to stay protected
Online retail is continuing to grow at a rapid pace, with an estimated £52.5bn being spent online in 2015, up from £44.97bn in 2014. As long as this growth continues it is fair to assume that the number of attacks will increase in line with the retail industry. The most important thing to do is consider various security related issues from the outset of having an online business that collects user data.
There are a number of companies that provide testing services and threat detection systems that monitor your network and websites for any potential security breach. There is a trend for companies to commission penetration testing services, often referred to as ethical hacking, where a cyber security company will hack your online infrastructure and reveal the weak points within the system. It is hugely important that companies who deal with customer data ensure it is kept safe as both the reputational and financial implications can often be unrecoverable for small businesses. When considering cyber security it is always a good idea to talk with specialists within the sector to understand what is required and build up a strong system that’s capable of withstanding a cyber-attack.
Article provided by RedScan, UK specialists in enabling businesses to effectively manage their information security risks – since 2002.