Chief Underwriting Officer
Cybersecurity is more important than ever in 2019, with reports that cyber-crime is now even larger and more lucrative than the organised drugs trade. Cyber criminals are getting smarter, more prolific, and more ruthless by the day, as the potential rewards become ever more enticing.
At the same time, penalties for companies that fail to adequately protect consumer data are becoming more severe. Under the GDPR, businesses which suffer a cybersecurity breach in which data is stolen or exposed could be found guilty of criminal negligence. Fines for this are large – often too large to recover from. And, as cyber-crime becomes more common-place, all businesses – even small ones – need to be prepared.
First and foremost, it’s vital to be aware of current trends in cyber-crime. Forewarned is forearmed, as they say.
The biggest cybersecurity threats facing UK businesses in 2019
Ironically, tighter regulations mean that websites are using more forms to collect subscriber data, and these are themselves leaving businesses exposed. Formjackers attack these data collection pages with codes designed to skim information as it’s entered into the form with the aim of stealing credit card or other data. Tightening security around any data collection process is therefore essential.
Living off the land (LOTL), or Powershell attacks involve rogue software burrowing into your system, hidden within legitimate processes. From there, malware can disrupt your system or steal sensitive information. Preventing a Powershell script from embedding itself in your processes is mostly about learning to spot the signs before the code sinks too deeply into your system. So, make sure you’re clued up.
Social engineering attacks are where criminals use the internet, email or even phone calls to manipulate, deceive, or persuade people to do their bidding and accidentally give away their data. Phishing, catfishing, and email scams are all common examples of social engineering attacks. Bringing in protocols which limit personal correspondence or monitoring message traffic in and out of your system may help to prevent social engineering attacks, as will training your staff in common social engineering techniques and how to respond.
AI is growing more sophisticated by the day. A report last year warned of the threat posed by intelligent software in the wrong hands, and that threat only grows as AI develops. What’s more, cyber criminals are not constrained by the ethical and regulatory frameworks that govern legitimate AI businesses, meaning that their algorithms may be able to develop faster and in different ways to their legal cousins. All the more reason to fortify those cyber defences.
The Internet of Things is becoming more and more ubiquitous, as many of us now think nothing of having some sort of smart device within our home or office. What people often don’t realise, however, is that a smart device connected to your network provides a relatively easy ‘in’ into your system for cyber criminals. Smart devices are often left unprotected, making them an easy ‘back door’. So, don’t forget to include them in your security protocol.
Cloud data theft
It’s important to be very careful when choosing a cloud storage system, as not all cloud data banks are made equal. The cloud has a lot of advantages, but the downside is that it means entrusting the security of your data to a third party (or parties). And that could leave it vulnerable to theft. Plenty of research on the best options is essential.
Single factor passwords
One of the ways in which AI is being utilised by cyber criminals is in-code cracking. Machine learning systems can run through millions of potential passcode combinations in seconds, spotting and building upon common patterns as they go. Single factor passwords, therefore, are a lot less safe than they used to be. Businesses which are serious about data protection should institute double-factor identification procedures in order to reduce the risk from artificial code-cracking bots.
Even with all the new technology out there, it’s important to remember that human error is still the single greatest cyber risk posed to businesses in 2019. Most, if not all, of the risks mentioned above, rely upon a certain amount of human error or negligence in order to proliferate. An untrained and/or lax workforce presents a significant risk to your business’s data. It is therefore vital that a business-wide approach is taken towards cybersecurity, with everyone fully aware of their own responsibilities and how to respond in the event of a breach.
If you weren’t already on top of your cyber security, then hopefully this list has motivated you to get on the case. Just a few simple steps can make a big difference, and potentially save you worlds of pain in the future. Not sure where to start? Check out our blog on improving cyber security in your business - and don't forget to consider cyber insurance.