Businesses Unprepared for Hack Attacks
Bosses are oblivious to the damage hackers could wreak on their businesses and are already out of touch with a threat landscape that is constantly changing.
A group of security experts issued this stark warning to firms at a round table event held by hosting solutions firm UKFast at its Manchester head office.
Asked if businesses should be afraid of hackers, the panellists cited statistics that show cybercrime costs the UK economy £27bn a year – £21bn to businesses, £2.2bn to government and £3.1bn to citizens. Data protection specialist, Tony Richardson, confirmed the motivations of hackers, telling the panel that each individual record or name is worth £1,000 in the cyber community.
He said, “People don’t realise how significant a threat it is, it seriously needs addressing. Unfortunately businesses need to be bitten once before they consider any kind of information security policy.”
Discussing the difficulties presented by an “always on” workforce that uses mobile devices to access all manner of company information, Philippe Jan, a cyber security specialist and lecturer at Lancaster University, said: “Businesses are facing a big problem. A firm’s internal systems are accessible from so many different devices including personal phones and other mobile devices and we have more or less lost the battle of keeping those devices secure.
“Years ago we had a very fenced-in network, you were in or you were out and therefore it was easy to defend against. Now, that fence has been blown away. The last frontier, the last battle we have to win is the one to protect the actual data.
“Because we have lost control of the end-point devices, and anyone can be accessing the data from anywhere and at any time, we need to focus on the end user and educate them.”
Stuart Coulson, of data security specialists Secarma, added: “Technology is everywhere now. You sit in a train carriage and the first thing everyone does is get their phone out. They’re on Facebook and Twitter and they’re texting. Everyone has a device in their pocket that is internet-enabled. We are going to see a massive push towards mobile devices and hackers will find more and more applications that they want to break.”
Jonathan Bowers, UKFast’s communications director, asked the panel how the threat from the external hacker compared to that posed by employees.
Richardson said: “As much as 50 per cent of security breaches are as a result of malicious or accidental internal activities. There’s no silver bullet. Security awareness needs to be brought to the table. Unfortunately very few businesses, even in the corporate sector, pay any more than lip service to it. We can keep throwing technical solutions at this problem but it’s the education, or rather the lack of it, that needs to be addressed.”
Referring to reports that show less than 20 per cent of organisations have any form of security awareness policy in place, Dave Whitelegg, of ITSecurityExpert.co.uk, said: “Businesses are dropping their guard on this. They need to realise that hackers, the bad guys, are always out there testing the locks on your windows and your doors. The question is, what are you doing to secure those windows and doors?
“Most of the hack attacks are very simple, they’ve been around for over a decade yet businesses are still falling victim to them because they are ignoring the need for education amongst their staff.”
Tips to guard your business from hack attacks:
– Start with a thorough review of your business, identify your key assets (machines, software, processes, people)
– Assess the threats that could materialise against those assets
– Implement a program to mitigate those risks
– Remember the biggest weakness is the people inside the business. Educate them on what they can and can’t do in every area of the business including what they can say on social networks and in the train carriage
– Don’t wait until you have a serious security breach to take action. Do it today.
– 75 per cent of attacks are aimed at the application layer and 85 per cent of vulnerabilities lie in the source code. Train the people designing the applications, and the developers to take a secure approach. Testers need to test more for security flaws
Notes to Editor
UKFast is one of Europe’s fastest-growing technical companies (as ranked by Deloitte) and has been at the heart of the UK internet industry for more than 10 years. In addition to being named as one of The Sunday Times best companies to work for, it collected the industry’s Best Customer Service Award in 2009 and has been named the ISPA’s UK Best Hosting Provider four years consecutively. It has over 400,000 web domains on its network and over 4,000 clients across all industries. Clients include UKTV, Chelsea Football Club, Mulberry and Barclays Bank.
About the roundtables:
The UKFast round tables bring experts together to look at how the internet has changed the way we do business. The themes are focused on vertical industries or topical themes, with subjects ranging from tweeting businesses to PCI compliance, from sustainable online society to e-commerce and the mobile web.
To date, big brands including the BBC, Travelzoo and Learn Direct have brought their knowledge to the table, alongside some of the UK’s fastest-growing companies including Envirofone, Historic Futures and Printerland.
Upcoming roundtables will focus on: Powering the Internet – a Sustainable Focus, Recruitment and the Internet and Virtual Politics.
Write-ups of previous round tables such as, Mobile Commerce, Online Customer Service in Retail, and Twitter as a Marketing Tool can be found on the UKFast site at http://www.ukfast.co.uk/mediacentre. Videos can be viewed at http://www.ukfast.tv/
For further information and high-resolution images contact Aisha Jefferson on 0844 576 3909 or firstname.lastname@example.org.