When businesses get hacked- who are the victims? | SaltDNA

When businesses get hacked- who are the victims?

25/11/2020 | Nicole Allen

Cyber attacks occur every two and a half minutes, according to Government statistics, which is why ensuring that your company is protected and secure is critical. Threats can come in several different forms that vary depending on their severity. Hackers are deliberately trying to inflict damage in order to persuade employees to make one mistake which could allow them access into everything they need.

Cyber attacks occur every two and a half minutes, according to Government statistics, which is why ensuring that your company is protected and secure is critical. Threats can come in several different forms that vary depending on their severity. Hackers are deliberately trying to inflict damage in order to persuade employees to make one mistake which could allow them access into everything they need.

The question is not "Which sectors are targeted the most?", as much as,”which sectors are the most likely to suffer the greatest loss as a result of a cyber attack?"

Today's cyber criminals are not a homogeneous group. There are hackers who spend months at a time attempting to extract data and funds from a single company, and there are others who threaten hundreds of companies with phishing emails and other techniques, hoping to get a handful of curious workers to click on a mass email attachment and then extort money with a DDOS attack. These strategies result in their attack continually moving onto a new fresh batch of victims.

So who are the victims of these attacks and how are they affected?

Employees:

The repercussions of cyber attacks are felt by companies across the globe. The global economy has lost 5.2 trillion dollars over the past five years. Cyber attacks, however, go way beyond financial losses.

A Kaspersky survey confirms that 31% of cyber attacks lead to job losses due to employees being involved with exposed customer data. According to the Data Security Breaches Report, 32% of all organisations have reported cybersecurity breaches over the last 12 months. The method of attack varies, but well known examples are as follows:

  • 80% of attacks are phishing attacks
  • 28% is hackers impersonating an individual via emails or online
  • 27% are ransomware attacks when businesses come under threat.

These attacks all take advantage of employees and pose major threats to companies.

A strong security plan must include sufficient controls to maintain a basic level of security and a tracking system to investigate attempts to breach the policy, which should be accompanied by training for all employees. When it comes to defending themselves from cyber attacks, many businesses fail to recognise that their people are as important as the cyber tools which they deploy. There are a variety of low-tech tactics used by hackers to take advantage of employees. Such tactics include: baiting, unsubscribe buttons, social engineering, keylogger and internal threats.

It is in the best interests of all companies to guarantee that their workers have all the expertise, knowledge and skills they need to help protect the company and themselves from catastrophic cyber attacks and data breaches. This means ongoing education and training, with the active participation of the IT department of the organisation. All employees in the workforce should receive training to understand data processing, security, secure communications and disposal best practises from the moment they start with the organisation. It is not appropriate to underestimate the danger of cybersecurity threats, and it is up to employers to ensure that their workers have the resources required to ensure their business data is secure at all times.

Business Owners:

A successful cyber attack will cause your organisation to suffer significant harm. It can impact your bottom line, as well as the customer confidence of your brand. It is possible to narrowly divide the effect of a security breach into three different categories: financial, reputational and legal.

Cyber attacks can cause devastating consequences to a company, almost to the point where it could shut a business down. A 2018 IBM study looked at 477 companies from 15 countries that had suffered some form of data breach and asked them how the organisation was impacted by these cyber-incidents. From this study, the healthcare sector was by far the most vulnerable in terms of overall damages from a hack. In fact, this sector registered average costs of more than $400 per compromised customer record. Financial services, at just over $200 a record, was a distant second. The financial loss usually is caused by corporate identity theft, financial information theft (e.g. bank data or credit card data), money theft, trade interruption (e.g. failure to carry out online transactions) or loss of trade or contract.

Trust is an integral element of the relationship between customers and businesses. Cyber attacks can harm the credibility of your organisation and erode the trust your clients have in you. In turn, this could potentially lead to: customer loss, loss of sales and a drop in earnings. The effect of reputational harm may also affect your suppliers, or affect the relationships you might have with your company's partners, investors and other third parties.

From a legal standpoint, data protection and privacy laws expect you to manage the security of all personal data owned by you, whether it be your employees or your clients. You can face fines and regulatory penalties if this information is unintentionally or purposely breached as a result of the company failing to enforce adequate security measures. British Airways is a prime example of this having been fined £20 million for a data breach which affected more than 400,000 of their customers.

Customers:

Cyber attacks are more likely to occur as cybercrime becomes more profitable. The short-term and long-term impact that cyber attacks could have on your organisation are important to understand.

Similarly to the business owners having their reputation negatively affected, customers' perception of the company will change for the worst. According to Forbes Insight report, 46% of organisations were found to have suffered damage to their reputations and brand value as a result of a data breach. In other words, once the public sees an organisation in a bad light, its reputation is almost impossible to fix. Just ask Toyota, or any of the other brands that have suffered a data breach Tesla, or Hancock Health, are just about the worst light to be in.

Lawsuits and fines are other long-term consequences that affect business’, there has been a huge increase in class action lawsuits in both the US and UK as victims seek monetary compensation for the loss of customers data. When cyber attacks leak large quantities of personal information, civil lawsuits are common. Sometimes, these cases take years and are costly to resolve. According to a report by security firm Norton, 978 million people in 20 countries lost money to cybercrime in 2017.

How can you prevent your business from falling victim to a cyber attack?

Even the most robust of organisations can be affected by data breaches. Managing the risks accordingly is very important. An efficient cybersecurity incident response plan and secure communications platform will assist you in preventing an attack from occurring in the first place, but also elevate pain when having to manage potential incidents when they do arise. If you're still reading, you will be very aware you're vulnerable to cyber crime. It is the new normal for all sizes of businesses, big or small. Media reports concentrate on corporate mega attacks and breaches, but small businesses are the new frontier for cyber criminals, as discussed earlier.

At SaltDNA we work with organisations across the world of all sizes to enable them to have secure, confidential conversations wherever they are, at any time. Your best bet to ensure that the possibility of a cyber attack never becomes your reality is to enforce a secure communications platform alongside a comprehensive and ongoing employee education on cyber security.

For more information on this article, sign up for a free trial or to talk to a member of the SaltDNA team, please contact us on info@saltdna.com.

About SaltDNA

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more information visit SaltDNA.