With Cyber Awareness Month now at an end, we thought we would take some time to reflect on what we have learned over the past month. However, before anything, it is essential for businesses to fully take on board the importance of cyber security following the awareness month and not simply put the matter to one side and forget about it until next October.
As part of Cyber Awareness Month, Intqual-pro have engaged with 247 small to medium-sized businesses and charities to support their cyber risk management.
Of those companies:
- 232 were an active target of cybercrime groups conducting targeted spear phishing and invoice fraud at the current time.
- We blacklisted over 2500 malicious domains being used for criminal purposes.
- They had lost a total of over £550,000 to invoice fraud and cybercrime in 2018 to date.
- We helped to put in place processes in over 30 of the organisations to mitigate invoice fraud.
- 33 were selling online with insufficient website security.
- 78 were sharing servers with over 1000 other organisations, many of which would be considered high risk.
- 7 had exposed user credentials being bought and sold by criminal groups.
- All 247 made positive changes to improve their cyber security posture and reduce their cyber security exposure.
Looking back on these statistics, we regularly find that far too many businesses fail to realise the cyber security risks to their business and do not consider themselves to be a target. Many believe that measures such as anti-virus provide all the protection that they require, yet fail to implement effective awareness training or address cyber security culture. Your most vulnerable network is the human; effective cyber awareness training is essential to stay as secure as possible.
The reality of the matter is that if you have money, data or a place of work, then you are a target of cybercrime. With the process of social engineering and spear phishing accounting for 85% of human error breaches, and human error accounting for 90% of successful cyber breaches, the need for a robust cyber awareness culture has never been greater.
Whilst many now understand this and are beginning to develop a cyber-culture – which is of course a positive – it is too easy to take a regulatory approach to solutions, rather than a behaviours approach. Cyber security and information security are not the same thing – GDPR compliance will not protect you from a cyber-attack. Understanding your cyber exposure and existing vulnerabilities should be top of your priority list.