It’s like a ‘perpetual state of war’ where individual ‘battles’ may be won but one knows there will always be others to be ‘fought’
The Cyber Security Breaches Survey 2017 reveals nearly 7 in 10 large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching millions of pounds. The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51% compared to 37%).
The most common breaches or attacks were via fraudulent emails - for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments - followed by viruses & malware, such as people impersonating the organisation online and ransomware.
Businesses also identified these common breaches as their single most disruptive breach, and the vast majority of them could have been prevented using the Government-backed, industry supported Cyber Essentials scheme, a source of expert guidance showing how to protect against these threats.
Small businesses can also be hit particularly hard by attacks, with nearly 1 in 5 taking a day or more to recover from their most disruptive breach. Cyber Essentials, technical advice on CiSP and regularly updated guidance on the NCSC website offer companies, big & small, simple steps that can significantly reduce the risk of a successful attack.
All businesses which hold personal data will have to make sure they are compliant with the new General Data Protection Regulation (GDPR) legislation from May 2018. This will strengthen the right to data protection, which is a fundamental right, and allow individuals to have trust when they give their personal data.
DCMS: Almost half of UK firms hit by cyber breach or attack in the past year
DCMS Releases Cyber Breach Survey Findings – techUK response
Cyber-security Information Sharing Partnership (CiSP) - NCSC Site
NCSC publishes new report on criminal online activity
NCA: Young cyber criminals motivated by peer respect & accomplishment
Home Office: Baroness Shields' speech at the National Security Agency
techUK: Building Trust In The Security of Cloud
New Quality & Assurance framework open now
Advice on managing enterprise security published after major cyber campaign detected
Universities of Edinburgh and Warwick become academic centres of cyber excellence
Garages, new homes & old offices: the records management mistakes that put health records at risk
Phishing awareness training can thwart cyber-attacks
NCSC and NCA threat report provides in-depth analysis of evolving threat
Many more than 23 Apprentices will be required to meet the UK’s need for cyber security experts
Two important news items courtesy of techUK
The Hacker Hardened Public Sector Enterprise: Practical Steps to Real Cyber Security
Trying to avoid being in a situation of playing ‘catch-up’
Less physical violence but emotionally the damage is just as great and can ‘ruin’ retirement plans, etc.
Not just GDPR to worry about; Blog posted by: Jo Pedder, Interim Head of Policy & Engagement at ICO, 06 April 2017
Still much more to be done by LAs to comply with Best Practice / Legal Requirements
ICO Blog about ‘GDPR’ posted by Jo Pedder, Interim Head of Policy & Engagement
Simplifying GDPR Compliance: How to mitigate risk and derive value as you take on the new regulation