The National Cyber Security Centre (NCSC) recently released their 4th annual report on their Active Cyber Defence (ACD) programme and it makes for interesting reading. A key finding is that in the UK the NCSC have taken down 15 times more online scams in the last year compared to the previous three years combined.
Rising cyber-crime has been driven by many factors in the past year, including exploitation of the coronavirus pandemic, as well as the rise in ransomware attacks. More and more people are working from home which opens up additional cyber security risks.
I think we can all agree that this increase seen by the NCSC is a significant one. And it got us thinking about why many businesses still aren’t viewing cyber-crime as a viable risk to their business continuity or protecting their business with cyber insurance.
Cyber-attacks your business may be at risk from
There are many types of cyber-attack which your business could be at risk of. Two of the most common techniques which cyber criminals use are:
Ransomware
Ransomware is defined as ‘a type of malicious software designed to block access to a computer system until a sum of money is paid.’
Ireland’s healthcare system was recently targeted in a ransomware attack, leading to significant disruption. They are becoming a common attack used to target businesses and their IT systems to obtain money.
Phishing attacks
Phishing attacks are a common technique used by cyber criminals. They use a communication method, typically email, as a method in which to get unsuspecting employees or users to disclose access information or to gain sensitive business information.
How to report suspicious activity and cyber crime
There are many ways to go about reporting incidences of cyber-crime and attack. Not only to protect your own business but to alert the right channels so that they can take action to remove such activity and to raise awareness of potential cyber risks to protect others.
The Suspicious Email Reporting Service (SERS)
Phishing emails can be reported to the NCSC via their Suspicious Email Reporting Service. The NCSC advise that if you are suspicious about an email, you should report it. You can do so by forwarding to the email address linked to SERS.
Reported emails are analysed by the NCSC and if malicious activity is detected, actions are taken to track and stop the activity. This includes action such as blocking the email address it was sent from or removing links to malicious websites.
This service is only to be used by those who are suspicious of activity. Not those who have been the victim of a cyber-crime.
Action Fraud
If you have been or think you may have been the victim of cyber-crime, then the NCSC advise that this should be reported to Action Fraud at https://www.actionfraud.police.uk.
Action Fraud have a lot of information on their website about reporting cyber-crime to them. This is a useful guide to how to report cyber-crime to Action Fraud, what to expect and what is done with the data that you supply.
Raise your awareness of cyber crime
Cyber criminals change the tactics that they use regularly, and the types of tactics they use are becoming more sophisticated over time making them harder to identify.
For this reason it is important that you arm yourself with as much up to date information as possible, are familiar with the types of cyber-attack your business may be vulnerable to and that cyber security is on your agenda and your staff are regularly trained in this area.
The NCSC website has a wealth of information relating to cyber-crime including up to date news of emerging cyber-crime threats and techniques. So, it is certainly worth spending your time familiarising yourself with this. Cyber-crime is a very real risk and one which isn’t going to go away.
How to protect your business in the event of a cyber-attack
One of the key types of protection you can put in place as a business is cyber insurance. And having a plan in place which steps out the actions you need to take in the event of a cyber-attack so that you can react as quickly as possible and minimise any damage.
Yet, the latest government Cyber Security Breaches Survey 2021 which was published in March showed;
- 15% of businesses carrying out cyber security vulnerability audits
- 34% undertaking cyber security risk assessments
- 31% of businesses having a business continuity plan which covers cyber security
- 43% (less than half of businesses) having taken out some form of cyber insurance
Given the risk that cyber-crime presents, the growth in scams over the past year and the consequences that a cyber-attack can have on a business we’d have hoped that these figures would have been much higher.
Cyber insurance can offer a wide range of benefits such as:
- Cyber business interruption – loss of income would be covered if you suffer interruption to the running of your business as the result of a cyber attack
- Ransomware – in the event a hacker holds your systems ransom, cyber insurance would cover the ransom costs and provide support in managing the situation
- Hacker damage – insurance could help you fix any damage caused by hackers during a cyber-attack
- Crisis containment
Ask yourself, can your business be without cyber insurance? The chances of suffering a cyber-attack are likely to be higher than a flood or fire event disrupting your business. If you insure against risks like these, what is preventing you from adding cyber insurance to your business insurance coverage?
At Anthony Jones we always reiterate to our customers that cyber- crime isn’t confined to big business. SME’s must be aware of the risks as the figures show that they are just as much of a target as large corporations. We want to work with you to understand not only the potential cyber risks you may face but also the importance of cyber insurance – what it offers and how it can help protect against these risks. Chat to us today for more information on 0208 290 9080 or email us at business@anthonyjones.com.
