Jude McCorry, CEO of Scottish Business Resilience Centre (SBRC)

By Jude McCorry, Chair of the CyberScotland Partnership Steering Group

In a time where we are seeing an increase in cyber crime – from hacks to ransomware – it is important that businesses of all shapes and sizes are prepared with the knowledge to deal with an incident.

In parallel, data from Varonis has found that on average, only 5% of companies’ folders are properly protected; meaning there is a lot of work that businesses need to do to protect themselves from all elements of cyber fraud.

Cyber fraud is defined as “the crime committed via a computer with the intent to corrupt another individual’s personal and financial information stored online.” It is typically the most common type of fraud and both individuals and organisations must be vigilant to protect their information from fraudsters.

Trends to be aware of right now

Recently, we have seen many high-profile cyber-related incidents – from the ransomware attack on SEPA last December, to the cyber attack on the Colonial Pipeline, one of the US’s major fuel lines, which was shut down for around a week. The fallout from this was significant disruption to the delivery of diesel, petrol and jet fuel across the country, illustrating just how far the impact of an attack can reach.

Ransomware – Ransomware attacks seem to be getting more attention in the media currently because of the vast amounts of money being demanded by cyber criminals. In a ransomware attack, cyber criminals encrypt an organisation’s files and hold data hostage until a ransom is paid. Fees can be extortionate and not every business will be able to pay: DarkSide, one of the more prolific ransomware gangs, has made at least $90m since August 2020 in ransom payments from fewer than 50 victims. But even for those who can afford to pay, there is no guarantee the data will be returned in a timely manner.

New tech vulnerabilities – The pace of technological change can be mind-blowing. However, with new tech, comes with it an opportunity for a cyber criminal to exploit it. For example, because of 5G increasing the bandwidth of connected devices, they will become more vulnerable to cyber attacks. As such, when deploying new technology, businesses must take steps to ensure attacks do not impact the wider organisation.

All these risks require companies to get their houses in order when it comes to IT security. The most basic thing that an organisation can do to mitigate these situations is to check that systems including firewalls and antivirus programmes are up to date. Regular backups are vital, too: organisations are more likely to get their data back by relying on a recent copy.

Empowering businesses

It is said that information is power, so with this insight, it is important that businesses take the steps now to limit any fall out should they suffer a cyber incident. But to do that, they also need to consider other weak links in their internal chain.

Mind the skills gap – With more workforces likely to continue working remotely for some time, everyone has a responsibility to know the basics of cyber security, such as not opening attachments or clicking links they weren’t expecting to receive. A strong cyber security strategy goes beyond this, to include role-playing and scenario-planning that involves a broad range of people in the company to ensure preparedness. It is worth looking at the market to see what training is available within your sector, and taking steps to address any existing skills gap.

Get the house in order – As part of this, it is also worth the time for any business to make sure processes and equipment are fit to perform to a standard. It is becoming increasingly useful for businesses to obtain the Cyber Essentials certificate to demonstrate to their customers and partners that they have taken steps to safeguard against cyber attack. Schemes like this have been particularly popular for those who operate in the public sector, and as a natural extension of that has seen certification in cyber security increasingly becoming a requirement for most Government contracts.

Should any of these areas raise more questions than answers within a business, it is important to know who to call on for support. A good starting place is the CyberScotland Portal which provides links to various organisations that can help, or provide the right resources to gain access to this support.

Ultimately, it is worth knowing that no business needs to fight the effects of cyber fraud on its own – there is a network of knowledgeable experts who can make sure businesses either knows how to move beyond a cyber incident, or even better not have to experience it in the first place.