There are very few business owners and directors in the SME business community that spend much of their time worrying about Cyber Risk or the impact this might have on their business. Of course, most will be aware from recent headlines of large corporates been hacked and some may even have changed their passwords on their ebay account following the revelation that the details they had entrusted to ebay may well have been disclosed along with millions of other users. But that’s about as far as many will have gone. Unless, that is, they have experienced a malware event such as GameOver ZeuS or Cryptolocker and then the view on Cyber Risk will be totally different.
So sat amongst a bunch of academics and risk specialists at a recent ‘A Cyber Risk Workshop’ run by Business South my attention drifted to how this very valuable information can be brought to the attention of the SME world so that owners and directors can be more aware of the unwanted risks that come part and parcel of our information age. Putting this into perspective, we know that there are constant threats and whilst the volumes of attacks are slightly decreasing the sophisticated nature is far more advanced.
Well organised, and well-funded criminal groups, which clearly hits a different dimension with headlines such as ‘U.S. Charges Chinese Government Hackers With Cyberspying’ are deploying tactics that most company IT departments do not have the skills to contain. From our own experience, I can reveal that our own data centre operation had over 7,000 attacks from China in just one week so the likelihood of any business not being probed for weaknesses is very remote.
Oh, and if you think you haven’t got anything worth stealing then just understanding the risks of not being able to access your company information might be worth considering. A simple task such as knowing who you have invoiced or who you haven’t might cause major problems. Not being able to quote for work is, clearly, more of a concern. And on the story goes through brand reputation to all things even more unthinkable. The offer of paying a small ransom fee to get access back to your data might then seem like a tempting proposition. Only that generally doesn’t work, however, you will expend an inordinate amount of energy, generate a lot of stress and, likely as not, spend some hard cash on a bunch of geeks to get you back on track.
Whilst risk management is with us on a daily basis Cyber Risk is something that every business owner and director should be more aware of and taking very seriously. It should not be much of a surprise to know that Cyber Risk is a subject in its own right, and its own cult following, within higher education offerings but it is also now firmly ensconced as a standard module on most MBA courses. How the landscape is changing!
What did you think of this blog post? What would you like to read about in future posts? Comment below and give us your feedback!