We all want to ensure that our data is safe at all times. However, the current geopolitical situation and also economic crisis are contributing to an increase in cybercrime. According to gov.uk 39% of UK businesses identified an attack in 2022, the most common threat vector was phishing attempts (83%). Of the 39%, 21% identified a more sophisticated attack type like denial of access, data deletion or data corruption.
Statista interviewed businesses on the frequency of attacks and 21% had recorded an attack once, 27% were attacked less than once a month, 18% fell victim once a month where 15% experienced an attack once a week, 8% once or several times a day and 3% didn’t know if they had been attacked.
Now, these numbers may not tell you much but the latest update by IT governance show that 2023 is seeing a rise in different types of attacks. In January alone there were 277 million data breaches and cyber-attacks, by March the number was around 300 million data breaches and cyber attacks in total this year.
How does this affect you?
Data breaches and cyber attacks can be devastating for any business. When a data breach happens you lose invaluable data that can put not only you and your staff at risk but also your customers. Another scenario is that the hackers leak the data or sell it forward which results in compromising your operations and your customers’ security. Both scenarios result often in financial loss and damage to brand and customer relationships.
The impact of cyber attacks on your business varies from halting operations to denying access to programs, email or even computers. According to Statista, 70% didn’t require any recovery time at all after a cyber attack. However, 8% recorded disruption of less than a week and 1% recorded a recovery time of over a month.
The increasing volume of data breaches and cyber attacks indicates that cybercriminals are forming new cartels constantly and combining their skills to perform more sophisticated and disruptive attacks. Ransomware and phishing are the most common types of cyber attacks. With ransomware, the criminals aim to force the victim to pay them to get the data back that is corrupted or deleted. Phishing attacks on the other hand are emails and messages with malicious payloads through a link that then releases a virus to your computer or takes control.
The new concern by cyber security providers is also that AI is being used to generate legit-sounding phishing emails with a malicious payload. Criminals without advanced coding skills can generate these emails if they manage to bypass the filter of ChatGPT.
What can you do to protect yourself?
Where a decade ago it may have been enough to have a functioning firewall and spyware installed on your computer, today these are not enough. If you want to mitigate the risk of data breaches and cyber attacks, you need to ensure that you audit your data protection and cyber security strategy quarterly. You also want to have a regular risk assessment performed to find the weaknesses so you can mitigate risks. Keep your board of directors updated quarterly on cyber security measures and policies. Remember, access controls are vital for your business, you don’t want to give access to outsiders by accident. Training your staff is also important because they perform multiple tasks daily with computers. When your staff knows how to ensure safe working, they will perform better. If you don’t have an in-house IT department or consultant, you may want to consider outsourcing IT services to a reliable IT service provider that provides all the essential support you need from audit to integrations and migration to cyber security.