Cyber attacks and data breaches are inevitable, and with 41% of executives saying they spend at least twice as much on investigations and related interventions as is lost to cybercrime, it is in every organisation’s best interests to be fully prepared.
Will it happen to my organisation?
Cyber attacks can happen at any time and to any organisation, although according to The Scotsman, small and medium-sized businesses are targeted more often “because they don’t have the same defences in place”. With an estimated 348,045 SMEs (small and medium-sized enterprises) operating in Scotland, cyber criminals can simply take their pick.
What are the costs of a cyber incident?
The costs are wide ranging: from significant fines for a data breach, to the risk of reputational damage, customer loss and fall in stock price, not to mention the cost needed to recover from the incident and return to ‘business as usual’.
Edinburgh University was recently targeted at one of the worst possible times – during busy Freshers’ week. The cyber attack affected the University’s website, wireless connections and many student services, crippling its computer systems for hours.
Arran Brewery is another example, this time relating to a ransomware attack. The brewery was locked out of its own computer system after being duped into opening an email attachment that contained a virus. According to the firm, the culprits then demanded two bitcoins, worth a total of £9,600, to restore its system. Arran said it declined to pay, despite losing three months’ worth of sales data from one server.
Don’t risk it: be breach ready
When NHS Lanarkshire’s network was infected by a new variant of Bitpaymer, they were still able to deliver services while the IT issues were resolved thanks to the contingency plans they had in place.
Incident response management can help your business reduce the risk of information security incidents. It not only allows you to identify breaches, prevent malware and remediate threats, but it also helps you to control your risk and exposure by setting up contingency plans for likely risk scenarios, helping you respond in a measured, controlled manner that minimises disruption.
Cyber incident response management should be part of every Scottish business’s overall strategy. To gain a broad understanding of incident response, and learn to recognise and mitigate potential risks before they become full-blown problems, why not view our three-part webinar series on incident response planning and management?
Helping Scottish businesses prepare for cyber incidents
IT Governance can help your organisation effectively prepare for, respond to and follow up incidents using the CREST cyber incident response approach and drawing on the ISO 27001 and ISO 27035 standards.
With more than 15 years’ experience in helping businesses achieve compliance with management system standards, we can help you define, implement and effectively apply a cost-effective, tailored incident response management programme in your business.