We’re proud to welcome Dr. Laura Marulanda-Carter PhD back to the Mirus blog!
This time, Laura lends her expertise in Digital Technologies and unique perspective on Data Security to discuss the importance of Data Protection, the troubling statistics on cyber-crime and the world-saving exploits of CIA operative Jack Ryan.
Data Breach Vulnerabilities
Would you confess to being a cyber-crime victim?
The Office for National Statistics revealed that only 14% of incidents, in terms of fraud and computer misuse, comes to the attention of police or are reported to Action Fraud. This makes it very difficult to investigate new or evolved data breaches. Latest reports show that this brings the annual total of breached records to 7.28 billion in 2019 so far*. There is however somewhat of a silver lining, in that we are seemingly learning from our own mistakes.
The large majority of these breaches happened to first-time victims (81%), with the remaining having experienced more than one cyber offence previously. The low reporting rate, however, means that existing data provides only a partial picture and makes it difficult to truly assess the scope of the problem; even more so as the average organisation takes 197 days to identify a breach on its system. This has led to an increase of 4.8% cost per capita for every lost or stolen record (see IBM). When a breach is finally reported, the result resembles a nightmare for many business owners, especially SMEs.
Are you waiting for your Jack Ryan to save the day?
I often find myself relating an owner’s response to a cyber-attack in the same way as we respond to a Hollywood spy blockbuster, such as those from the Jack Ryan franchise. If you are not an enthusiast, Jack Ryan is a fictional character of acclaimed novelist Tom Clancy. Often depicted as a CIA Operative, Jack is frequently saving the world, defusing most situations with his sharp intellect and impeccably well-timed rescues. Essentially, he’s expected to resolve the most impractical of tasks or impossible of problems.
Whenever - and I truly mean whenever - a cybercrime occurs, most SME owners consider any IT person they call to be their personal Jack-Ryan hero or heroine. Even the most capable and accomplished of people, each taking on the role of such a protagonist, would agree: in the current climate, very few attacks and their aftermaths conclude with a ‘save the day’ epilogue. Often, the only result is the inevitable loss of your customers’ trust.
If you knew you were a target, would you change your behaviour?
Some attacks can be solved, but often at great cost - not only in the direct financial contribution to infrastructure fixes but the idle time wasted by inactive employees. Sadly, most SMEs are the bread and butter of cyber-crime. Why? Simply put, they are more likely to pay in response to ransomware as they cannot afford a shut-down. Also, many have old, unpatched servers and equipment that make it easily penetrable to your mediocre hacker. A smaller number of staff also means that there is an assumed flatter hierarchy in decision-making structure when compared to a large-scale organisation. Therefore fake domains or phishing emails, once accessed, can be forged and often believed by untrained staff in a matter of minutes.
You are a target, whether you think you are or not. But to believe it is to see it. A target attack breakdown as described above is nothing new (see Aorato Labs). But it’s not only action that’s needed to ensure SME’s retain customers; with GDPR celebrating its one-year birthday, the penalties are crippling if consumer data is not handled effectively or investment in cyber security is below par.
- Dr Laura Marulanda-Carter, PhD
Laura works at Milton Keynes College as the Head of Curriculum IoT, with 10 years of teaching experience and a strong advocate of employer engagement and women in technology, we're very excited to be working together.
You can read more about Laura, and read her other Mirus Blog Contributions here.
*Stats from mid June 2019
We’re looking forward to sharing more of Laura's unique and discerning insights into IT, IoT and Security.
Don't Allow Your Business to Remain an Easy Target
Book your organisation a Data Breach Vulnerability Assessment with Mirus IT to discuss your data security and backup options.
The comprehensive assessment will include:
Testing your company for breach vulnerabilities | Testing your users for phishing vulnerabilities | Testing your cyber security processes and systems for vulnerabilities | Confirming if any of your Company Credentials have been leaked and are available for purchase and misuse.