At the risk of being accused of scaremongering, we have never been closer to a major cyber attack, with the UK now facing an unprecedented level of cyber threat. There is no escaping a significant increase in both the frequency and sophistication of attacks. But I’ll let someone else do the convincing on this occasion before giving my thoughts…

I urge every business owner, leader and senior manager to spend 30 minutes watching this episode of BBC Panorama, broadcast about 3 weeks ago:

https://www.bbc.co.uk/iplayer/episode/m002g7lj/panorama-fighting-cyber-criminals

This programme is a stark and sobering reality check of just how vulnerable UK businesses are to cyber threats.

Whilst we’ve all seen reports of the M&S, Co-Op & Harrods breaches in recent news headlines, we also see these multi-million-pound corporations survive – either through quick response, strong defences, resilient systems, effective cyber-insurance, a team of highly skilled (and expensive) cyber-security experts, or a combination of all of the above.

But there are other, more frightening outcomes… [SPOILER ALERT] fast forward to 15 minutes in and learn about KNP Logistics Group – a 158-year-old business employing 700 people that collapsed because criminal gangs guessed one person’s password.

 “If you’re reading this it means the internal infrastructure of your company is fully or partially dead…Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue,” read the ransom note.

The ransom was estimated to be in the region of £5million – money they simply didn’t have. They no longer exist.

THAT. COULD. BE. YOU.

What always stands out in these attacks is how easily they could perhaps have been avoided with some basic but solid cyber-security principles, but instead these businesses often have a lot in common:

  • Weak Passwords – If an attacker can guess a password they could gain access to critical systems very easily
  • Unpatched Systems – Leaving huge holes in your cyber defences
  • Missing Security Controls – If your people don’t know the rules, they can’t abide by the rules.

The cost of doing nothing is real – not having a business to wake up to. Doing something costs a lot less than you might think.

Please don’t be next. Be the business that talks to those that know, those that can help. I’d love you to talk to me, but if not, talk to the NCSC, talk to your supply chain or your business contacts and find out what they are doing – just do something rather than nothing.

Seeking professional advice helps you to measure the risks and understand which risks you can afford to accept and which you need to mitigate. It means you start to do something about your cyber-security posture. And then you can sleep better knowing you have peace of mind and compliance, and are potentially more prepared than you were yesterday.

We can help you:

  • Understand and define your Minimal Viable Company (MVC) before a cyberattack hits.
  • Achieve improved cyber-resilience, with multiple layers of defence and an educated, cyber-aware workforce.
  • Achieve resilience to attack, allowing recovery in hours and not days.

M&S did not expect a cyber-attack to hit them the next day. Neither did they expect a £300million damages bill as a result.

KNP Logistics did not consider that the next day one employee’s weak password would collapse their 158-year-old business.

Today’s top tip… Don’t wait until tomorrow. Reach out to me and let’s just have a conversation, no hidden agenda, about what you are, or are not, doing to bolster your cyber-security posture and resilience.

Mike Parfitt
Founder & CEO, Team Metalogic