Cyber attacks have very much been in the news of late with Tesco Bank having to repay the money stolen from their customers’ accounts by hackers, and some of the world’s biggest websites suffering at the hands of a distributed denial of service (DDoS) attack.
The most recent event could also see Tesco fined by the Financial Conduct Authority (FCA) after money was taken from 20,000 of its current accounts, which meant they had to suspend all online transactions following what was described as an “unprecedented attack”*. If the FCA finds that failures in Tesco Bank’s systems and controls contributed to the incident, the lender could be in hit with a large financial penalty. Meanwhile, the value of Tesco’s shares also fell by 1.1%.
And just last month, hundreds of popular websites were taken offline for hours after a critical Internet point was hit by multiple cyber attacks bringing down Twitter, eBay and many others after a US-based company, responsible for routing Internet traffic, was targeted.
The crazy situation in this instance was that this attack could have been carried out by mischievous teenagers rather than hackers intent on causing real harm.
What is a DDoS attack?
A DDoS attack is caused by a network of tens of thousands of compromised computers, known as a "botnet", flooding a website's servers with page view requests, leaving legitimate traffic unable to get through. Sometimes, a huge amount of requests can cause entire websites to crash.
Any computer or Internet-connected device, such as common items like smart webcams, thermostats and household items, are vulnerable to becoming part of a botnet if their anti-virus software is out of date or network security is not robust enough.
Why does all this matter to UK businesses?
Businesses cannot afford to ignore the seriousness and frequency of cyber attacks and therefore their security. If hackers can bring down giants like Tesco and Twitter, the average UK business will be an easy task.
Attacks are becoming more common. Millions of computers and devices across the world can be called into action by the hacker at a moment's notice. It is imperative that businesses protect themselves from being part of a botnet, but also becoming a victim to one or another malicious intrusion. With BYOD an accepted norm these days, we must also be conscious of the threats posed by devices being used on our corporate networks.
I have personally suffered at the hands of a hacker. They did not hack me directly but hacked a sole trader I was dealing with, which ended up costing my family close to £4,000 so this is a subject that is close to my heart.
So while a business like Tesco, although wealthy, will certainly feel the sting of repaying their customers’ accounts, a potential fine and a decline in their share price, they will survive. What about the businesses that do not have the reserves to absorb such financial losses?
Network security: Budget and review
Hackers are serious criminals that should not be ignored and businesses need to ensure their network security is budgeted for and is reviewed regularly. Budgeting will be a bitter pill to swallow as it’s a frustratingly invisible asset but the consequences will be all too plain for the eye to see. Regular reviews are potentially time consuming and complicated depending on your in-house IT skill set. I would urge you to employ specialists to take care of this for you. The risk of ignoring this area of your business could be devastating.
If you wish to discuss your security needs with one of our experts, please email me and I will put you in touch.
A final thought. The Government is also taking these threats very seriously. It has pledged £1.9bn into improving the UK’s cyber security defences. The money will go on enlarging police units that target organised online crime gangs, as well as much-needed funding for the education and training of cyber security experts. Pleasing news but experts believe not enough is being spent on making mobile device usage safer.
If there are holes for the hackers to exploit – such as through mobile device – they will. Don’t leave your cyber security to chance.
*The Daily Telegraph, 07/11/2016