The most significant threat to businesses continues to be cybercrime. The UK wasn’t the worst hit, with Mexico, Italy, and Spain sustaining more attacks. However, with eight out of ten businesses targeted, it is vital for people to be educated and aware of potential threats to reduce the chance of repeated attacks.
Ransomware attacks affected 55% of UK organisations over 12 months
Ransomware is a form of malware that encrypts a victim’s files, rendering them inaccessible. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment.
2021 ransomware example: One of the most significant ransomware attacks of the year targeted six schools and their umbrella organisations. Teachers and students could not access their online systems, files, and databases, disrupting the beginning of the new school year in September. The attack had significant implications because schools collect sensitive data, such as pupils’ addresses, medical information, and dates of birth.
The surge in ransomware attacks on schools, colleges and universities across the UK forced the National Cyber Security Centre to update its existing security guidance offered to the education sector.
The average cost of cyber-attacks is £2.82 million
A cyber-attack is an attempt to disable computers, steal data, or use a breached computer system to launch additional attacks.
2021 Microsoft cyber-attack: Microsoft became the victim of a cyber-attack by the Chinese hacking group Hafnium. The focus of the attack was Microsoft’s Exchange Server software. Exchange Server handles email communications, and the hackers exposed the emails of more than 30,000 companies.
Hafnium was able to gain access to servers through a combination of stolen passwords and previously undetected vulnerabilities. They then installed a web shell (a remote access interface) on those servers, which gave them the access they needed to steal email data remotely.
43% of businesses identified a data breach in 2020-2021
A data breach is an incident where information is stolen or taken from a system without the knowledge or authorisation of the system’s owner.
2021 Volkswagen and Audi data breach: A marketing services company left data unsecured, resulting in a data breach affecting 3.3 million customers and prospects. The data was collected from 2014 to 2019 and accessed by the unauthorised party in March 2021.
The exposed data ranged from the makes and models of vehicles that had been purchased or enquired about to social security numbers, driver’s license numbers, tax IDs and loan numbers.
Only 59% of organisations believe they are GDPR compliant
The European Union’s General Data Protection Regulation aims to tackle risks surrounding companies retaining ‘stale data’ and not setting file permissions correctly. During its first year (2018), GDPR fines issued to businesses totalled £41.7 billion.