22
Apr
Cyber Security Update
in General
Comments
Some months ago we wrote about cyber security risks and how they can be managed. The article referred to the different types of risks, the scale of the problem and steps that can be taken to reduce those risks.
Following the outbreak of the Covid-19 pandemic, we felt it necessary to draw particular attention to the growth in number of attacks, in particular taking advantage of weaknesses in security arising from employees working from home. In addition to emphasising the importance of remaining vigilant to these threats, we made a number of suggestions that, if implemented, would reduce the risk of damage from such attacks.
In the earlier article we made reference to the 2019 Cyber Security Breaches Survey, completed by the UK Government’s Department for Digital, Culture, Media and Sport. The 2020 Cyber Security Breaches Survey was published in late March and identifies the changes and trends since the last report was made available.
Not surprisingly, the headline is that cyber attacks have evolved and become more frequent. The 2019 report discussed the drop in reported breaches and attacks seen across businesses between 2018 and 2019 (from 43% to 32%). This year, the incidence of breaches or attacks on businesses (46%) has reverted to similar levels seen in both 2018 (43%) and 2017 (46%). In other words, the long-term trend suggests that this incidence has been relatively consistent.
Consistent with previous years, larger firms are more likely to identify breaches or attacks compared to smaller ones. Information and communications companies may stand out, either because they are more aware of cyber security or that they are more exposed to attacks due to digitisation of the sector.
Many new scams are aimed directly at individuals rather than organisations, now a bigger target as they are spending more time using their computers and laptops at home. In the UK, examples of the latest scams include criminals asking for donations to help the NHS buy medicines and supplies required to fight Covid-19; texts claiming to be sent by the government to individuals telling them they have been fined for leaving their homes more than once during lockdown; and job offers for key worker positions requiring a fee for background checks. By being aware of these risks, remote workers can not only protect themselves from personal loss, but also prevent the more widespread damage that results from opening attachments containing malware.
Phishing attacks (see more in our article) are the most prominent when looking at the difference types – once again, the vigilance of staff being so important in reducing the risk of these threats being successful.
Fortunately, of those businesses that experienced attacks or breaches, only 19% had any resultant loss of money or data. A temporary loss of access to files or networks, damaged software or systems, and lost money are the most commonly reported outcomes. The damage inflicted by viruses, ransomware and hacking are much more likely to experience a negative outcome. 90% of businesses were able to restore operations following their most disruptive breaches or attacks within 24 hours.
Again fortunately, whilst the number of attacks has increased over time, the trend appears to be going in the right direction, no doubt due to increased awareness of the challenges and the steps taken to reduce their possible impact.
The survey found that the most common actions taken following a breach were a mixture of additional staff training and communications together with improved technical controls.
In order to reduce the risk of such cyber attacks affecting your organisation, we recommend that you read our articles on cyber security and, in particular, with employees being the weakest link, revisit the simple measures such as increasing awareness, managing passwords, etc and, if not already in place, develop a plan to first identify risks, assess and understand those risks, focus on the ones critical to the business, putting in place controls and finally formulate a response in the event of a cyber incident.
A few words about CompassAir
Creating solutions for the global maritime sector, CompassAir develops state of the art messaging and business application software designed to maximise ROI. Our software is used across the sector, including by Sale and Purchase brokers (S&P/SnP), Chartering brokers, Owners, Managers and Operators.
Through its shipping and shipbroking clients, ranging from recognised World leaders through to the smallest, most dynamic independent companies, CompassAir has a significant presence in the major maritime centres throughout Europe, the US and Asia.
Our flagship solution is designed to simplify collaboration for teams within and across continents, allowing access to group mailboxes at astounding speed using tools that remove the stress from handling thousands of emails a day. It can be cloud based or on premise. To find out more contact solutions@thinkcompass.io. If you are new to shipping, or just want to find out more about this exciting and challenging sector, the CompassAir Shipping Guide might prove to be an interesting read.
Contact us for more information on our software and find out how we can help your teams improve collaboration and increase productivity.