6 cyber security questions you should be asking…PW Data
Independent research among UK businesses of 1,000 or more employees revealed that ransomware cost mid to large businesses £346 million to their bottom line last year alone.
And the way things are going… we’re certain this figure will rise in 2018. IT disaster strikes are more a case of ‘when’ than ‘if’ so, how can you remain in control when your business becomes a target.
No-one said running a business is easy, and this is particularly so when an IT disaster strikes. After all, the last thing you want is to be held accountable for a cyber-attack within your company.
So how you go about controlling future cyber-attacks to your enterprise? Well, we’re here to shed a little light…
We’ve put together six crucial questions that you should be asking… questions that business owners frequently type into their Google search, but struggle to find the answers to… In a bid to help you determine the real cost of disruption when your business falls victim to cybercrime.
Running a business has never been easy, and when an IT disaster strikes – which it will – the office of the owner or CEO is a lonely, uncomfortable place, particularly if the IT attack in question has brought the company to its knees!
Never has the pace of change been as great within the industrialised world as it is today, in the age of digitisation, which continues to drive growth and efficiency. Such a fast-moving pace of technology allows automation of tasks, and with the added supplementation of Artificial intelligence (AI), where machines are becoming self-learning, equally, the presence of threats to an organisation’s existence has never been so great.
The internet of things (IOT), countless digital processes and ‘always on’ connectivity, have led to a significant rise of cyber-attacks, from email phishing, to malware and botnets. So, when it comes to putting your business continuity plan in place, which questions should you be asking?
6 Cyber Security Questions Business Owners Ask that Google Can’t Answer:
- Which Cyber Threats Am I Susceptible To?
Digitisation and the speed and reach of connectivity mean that there are more devices constantly seeking to connect with us and gain value from our most precious commodity – data.
The introduction of GDPR compliance is a testament to the need to ensure that the holders of your data are legitimate and have your permission. But is this also true of machine to machine (M2M) communications and the data they contain, after all, this can’t be considered personal, can it?
Could a simple internet connected coffee machine in the warehouse offer any confidential information other than how many cappuccinos your staff are consuming? Or is this modest machine connected to the same network that controls your online banking and manufacturing process?
- Why Would Anyone Be Interested in My Data?
Well, for starters, a coffee vendor would be interested in this data and could provide you with a perfectly valid service, but do you know who they are and who else might be interested? In many cases, these devices come with easy-to-remember passwords such as ‘1111’ or ‘admin’, which could potentially give other interested parties access to your network, who may then go in, search around your network for far more interesting devices, and benefit from a far more lucrative menu.
- When Will an Attack Like this Happen?
Any time is a good time for a machine to talk to another machine, and in today’s “always on” environment, you are effectively putting out the “always welcome” sign to any unscrupulous visitor (who’s significantly less subtle than the email phisher, who at least sends you a nice clue in their email as to their intentions and dubious identity).
In the machine to machine world there is no need to take breaks or talk politely to a difficult gatekeeper, they merely keep trying a sequence of random numbers until they get the acceptance they require. This could happen at any inconvenient time for us humans, after all, you are only in attendance 5 days a week, 8 hours a day. You may not even notice that you’ve had a “visitor” nor if they have collected more of your data, to the point where they have infected your entire network and data and are simply waiting for a time when they can make their demands or unleash havoc.
- How Will I Know When an Attack Has Taken Place?
You may not know at all. Or you may find out very quickly when something goes wrong or you are contacted for the payment of a ransom for the return of your data or to unlock your various machines. In fact, ransomware demands are costing UK companies £346 million per annum, and even once businesses have paid such hefty amounts, they don’t necessarily get all their data back. What’s more, having paid once, they are likely to be on an “easy target revisit” list.
- Where Is the Threat Likely to Come From?
Despite a popular misconception, hackers are not just “geeky teenagers” sat in a bedroom having a bit of fun. On the contrary, and in most cases, professional hackers are part of a sophisticated organised crime group.
- Who Will Be Held Responsible for Allowing the Threat In?
Employees are normally not malicious, and they normally perform their jobs diligently, however in reality if enough threats are launched (M2M), it is inevitable that at some point an employee will inadvertently accept a phishing email or an invitation to click on a link that is potentially disastrous. From that simple click, a chain reaction begins, and it generally ends in disaster.
Ensuring Business Continuity
Backups and firewalls are no longer enough to make us feel safe. These will act as a deterrent and do offer some protection, but the face of disaster recovery is changing to link to a complete business continuity plan that works on the basis that when disaster strikes, recovery can be automatic, quick and painless, in line with the needs of your business. The key is that when this happens, you know about it quickly and action can be taken to isolate the threat and restore the integrity of your network to a given point in time to get your business back up and running.
To determine the value of preventing an IT disaster within your business, we recommend you ask Who, What, Where, When, Why and How, as above. Such simple questioning can help a business owner or CEO enormously by determining an acceptable level of risk against any investment required.
How much would you pay to restore your data and protect your business in the event of an attack?
It CAN, and it WILL happen, so plan ahead for restoring and ensuring business continuity is delivered at an acceptable price to your business, otherwise you run the risk of being held hostage or worse still, destroyed.
How Can PW Data Group Help?
Contact PW Data Group today for an informed, no obligation discussion. Or, why not ask for the ROI calculator on the REAL cost of disruption for the issues facing your business continuity plans? We’re here to help prevent disaster before it strikes.
The key is that when this happens, you know about it quickly and action can be taken to isolate the threat and restore the integrity of your network to a given point in time to get your business back up and running.