Businesses in the UK have been warned about the potential cost of cyber-attacks, which stands at an average of £330,000. However, for one in ten companies, this figure could increase up to £1 million.
In a survey of UK business leaders, 79% said they believe they have the appropriate security controls in place to defend against cyber-attacks, despite the finding that more than half (57%) have experienced an attack in the past year, according to research by BAE Systems.
Julian Cracknell, managing director for UK Services, BAE Systems, said: “The research confirms that cyber security is no longer merely a technical issue, but a challenge for the board. Around a fifth of the businesses we talked to said they either didn’t know or weren’t confident that they could return to business as usual within 48 hours of a serious cyber-attack.
“Businesses need to ensure they have the right people, process and tools in place, so when a major incident occurs they are equipped to understand, contain and remediate. If action isn’t taken immediately, the price of cyber ignorance – for the company and the wider economy – could be catastrophic.”
Mark Murphy, CTO of Excell Group, said there are two preferred methods cyber criminals use which are costing British businesses millions.
He said: “The easiest way for a cyber-criminal to attack a business is through ransomware, in particular crypto viruses. In this situation, a hacker sends out a mass email with a ransomware link; all it takes is for one person in a company to click on it and open the virus.
“The most lucrative method, however, is using direct targeting methods such as ‘spear phishing’, which are much akin to identity fraud. The hacker will spend time learning about employees and key facts about them so when they call the company and claim they are checking an invoice, for example, they can use the information they have learnt to engender trust and gain sensitive information.”
Mr Murphy added that defending your business from such attacks is surprisingly simple, and training staff properly is just one way to reduce the risk of a cyber security breach.
He added: “Make them aware of the methods of attack and ask them to think smart about how they respond to suspicious calls and emails. If they are unsure about an attachment – don’t open it. There is a chance that a couple of genuine emails may be missed, however, one missed email is worth it.
“Also, beware of insecure public Wi-Fi networks, as these networks have little to no protection, so if an employee logs in to a work account in, for example, the local coffee shop, a hacker could easily find it, then use it to infiltrate your company with malware.
“Secondly, change your passwords. Over 50% of passwords used are a name of someone close to them and two numbers; a determined hacker could easily research you and figure out what your password is. Most people also only use one password for the majority of their accounts, which is like giving a hacker the key to your company and your personal life.”