Whilst the reaction from both mainstream and social media was one of shock at the extent of this weekend’s global cyber-attack, for those working within cyber-security it came as little surprise.
Attacks on the rise
Some estimates put the global number of victims of cyber-crime as high as 300 million per year. Ransomware attacks, such as this weekend’s WannaCry virus, rose by 35% from 2015 to 2016. It is no longer a question of if your business will be attacked but rather when.
However, the cyber-crime statistic of most concern is perhaps this one: “6 months”. This is now the average time cyber-criminals will remain in your system after a breach whilst they wait for the optimum time to strike. It’s too late to start locking the doors and windows if a burglar is already in the house.
Protecting your business
“As cyber-criminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems[i]”.
Whilst we endorse Microsoft’s sentiments, it is important for businesses to understand that the systems that need to be updated extend beyond the firewalls and software installed on our networks. An organisation can only be protected by the development and implementation of a “from the top down” cyber-security culture. Protocols must be drafted to ensure that all practicable steps are taken to keep systems secure and data uncorrupted. This should include development and testing of an incident response plan.
To assist clients in achieving this objective we have teamed up with Navigant’s[ii] leading cyber-security team to provide a cyber-security health-check to help manage this growing threat.
The key aspects of the health-check include:
- An assessment of your IT policies, procedures and systems for effective cyber-defence.
- A summary of the relevant regulatory and contractual obligations imposed upon your business in relation to cyber-security.
- A review of your insurance protection for losses following a cyber-attack.
- Testing and review of your cyber-response plan.
It appears that luck played a significant role in halting the WannaCry attack. Whilst Marcus Hutchins should be lauded for his ingenuity[iii], too many companies are relying on luck to avoid cyber-breaches. This is a risky game to play.
The global media seem to attach significance to the fact that WannaCry ransom payments to date only amount to US$42,000[iv]. However, the cost to businesses from a successful cyber-breach will far exceed the ransom paid or sums remitted following a successful CEO scam or fake-invoice fraud. The costs incurred chasing down misappropriated funds, the losses from business interruption and the damage to your market reputation can bring a business to its knees.
This weekend’s attack is not just a “wake-up call for governments”[v] but also for the boardroom. Companies would be well advised to take steps now to ensure they have appropriate cyber-security systems in place. To do otherwise could place directors in breach of their fiduciary duty to the company. Just like any criminal, cyber-attackers look for the soft target. Act now to ensure your business does not feature in next weekend’s cyber headlines.
For further information on the cyber health-check, or on cyber-security generally, please contact Rory Macfarlane (Hong Kong) or Simon Cooper (London), or your usual Ince contact.
[i] Microsoft statement, 14 May 2017 following WannaCry attack.
[iv] The Guardian (online), 15 May 2017, “Cyber-attack could escalate as working week begins”.
[v] Microsoft statement, 14 May 2017 following WannaCry attack.