Hackers raise Cyber Risk awareness in 2017….. this is the one upside where Hackers have again grabbed the headlines with many high profile cyber attacks taking place resulting in cyber crime and data breaches. These are proving to shape the world of cyberspace and how cyber risk will be managed in the future.
What have been the high profile cyber security breaches this year ?
Ransomware feature highly as the main attack vector utilized by hackers and proved to be the most effective in terms of impact and the disruption that was caused to businesses.
WannaCry
This was one of the main strains of ransomware that hit over 150 businesses throughout the world in May this year. This compromised the NHS and car manufacturing plants such as Nissan and Renault in the UK and the global corporations of Telefonica and FedEX.
Not-Petya
This was the second significant ransomware attack within the space of two months and should have heighten businesses concerns that cyber risk was now a boardroom issue after the WannaCry attack. Not-Petya took place in late June again reaching out to hit high profile global corporations that included Merck, WPP and AP Moller-Maersk having longer lasting consequences on their trading ability and reputations.
Equifax
The US credit reporting agency revealed in September that they suffered a data breach which compromised the accounts of 143 million US customers, it is believed that a certain percentage of these were also UK citizens.
Uber
It was announced by Uber last month that they were hit by a data breach which affected 57 million users by an attack that occurred 12 months earlier. A ransom of $100,000 was also paid to the hackers.
Morrisons
Whilst this breach was not new it does have potential far reaching consequences for the directors of a business. It was found by the High Court that those affected by a data breach which was caused by an employee, were allowed to claim compensation for the ” upset and distress” caused.
What happened in the UK ?
Whilst hackers infiltrated many businesses worldwide, in the UK we also saw businesses and organisations being hit demonstrating that cyber attacks are closer to home that many people may believe, here are a few examples :-
Sports Direct revealed in February that they had been hit by a data breach where a hacker had gained access to their 30,000 employees personal details which included names , addresses and e-mail details.
Wonga announced in April that 245,000 of its customers in the UK had been affected by a data breach, personal details this time included bank account details.
RingGo, the parking payment app was subject to a data breach in April whereby 2,000 customers were affected
Hotpoint UK had their website compromised in May when malware was discovered on their computer system luckily no data was taken on this ocassion.
Cardiff City Centre suffered the embarassment of their computer system being compromised in August with a Swastika being posted on a shopping billboard.
The Scottish Parliament suffered a brute force attack in August where hackers targeted the e-mail accounts of MP’s in an attempt to obtain passwords
Lessons to be learned …..
Cyber crime and data breaches will not go away and will continue to be a prominent threat to busineesss
This is a major issue for businesses so much that it is now on boardroom agendas
Cyber risk needs to be managed at all levels of a business
Cyber attacks can happen to any business , SME’s are faced with the same vulnerabilties as larger organzations
Cyber risk needs to be embedded into a business’s risk management procedures and processes.
Inadequate cyber risk management will impact of the reputation of a business.
2018 will be a testing time for many business sectors with the volatility of the economy, unstable governments and Brexit to name a few but cyber risk should also sit alongside these challenges as the impact of failure to address this is likely to be just as influential.
Image : Shutterstock