This week David Cameron is set to meet President Obama at the White House and high on the agenda will be the increasing danger posed by cyber attacks. The recent Sony breach has dominated the column inches in recent months, but there are potentially far more serious and far-reaching attacks against the national infrastructure of both countries.
A GCHQ report set to be published this week (Common Cyber Attacks: Reducing the Impact) – keep your eyes peeled as we’ll be bringing the headlines from that report as soon as it’s published – reveals a sustained series of attacks against UK energy businesses.
In one recent attack referenced by the report, hackers inserted malware into an energy firm’s website, which directed visitors to a malicious website that the hackers controlled. Fortunately, robust monitoring of the network detected the attack before any damage could be done.
The report is set to reinforce the trend of an increase in the volume and severity of cyber attacks against all kinds of businesses. A 2014 report from the Department for Business, Innovation and Skills stated that 80% of large organisations suffered a breach in 2014, at an average cost of between £600,000 and £1,500,000 each.
The cyber security landscape is no better for President Obama and the US. As we reported last week, 2014 was the worst year on record for US businesses, with over 348 million records compromised, not to mention high-profile attacks on government departments, businesses including Target, Sony and Staples, and countless small to medium-sized organisations.
What can your business do?
So, while Dave and Barack discuss what they can do at a national level, what can you do to protect your business? Well, if you’re really starting from scratch and have little knowledge or expertise, the UK Government’s Cyber Essentials scheme is a great place to start. The scheme identifies five controls that organisations can put in place to rebuff 80% of the most common cyber attacks.
Building on Cyber Essentials is the international information security standard, ISO 27001. It advocates creating an information security management system to manage the confidentiality, availability and integrity of data, and is globally accepted as best practice for managing cyber security.
You can also download our free guide on cyber resilience below. It has loads of great information on how to improve your cyber security, what standards are out there and what will work for your business.