By MATTHEW SMITH
A RECENT government survey found that 39 percent of UK businesses had identified a cyberattack on their business in the previous 12 months.
In recent days, British Airways, the BBC, Boots and other major organisations have had personal data and bank details compromised following the exploitation of a zero-day flaw in the file transfer system MOVEit.
The BBC has warned employees of stolen data including staff ID numbers, home addresses, national insurance numbers and dates of birth. Other firms have warned of bank details being compromised.
Reports of the attack first surfaced last week following a zero-day vulnerability in MOVEit, built by Progress Software, with organisations continuing to discover the extent of the breach and warning staff of potential data loss. Thousands of firms have been impacted by the breach.
The true number of attacks may be under-reported. Payroll company SD Worx, whose clients include Marks & Spencer, is another high-profile victim.
Cybersecurity is a daunting topic, and it can be difficult to know what action to take. Companies realise they must increase investment in cybersecurity — but don’t always do it in the most effective way.
Cybersecurity expert Achi Lewis, area VP EMEA for Absolute Software, says prevention is always the preference — but supply chains add additional risk to an organisation’s cyber protections, providing threat actors with an extra way in beyond internal defences.
“Supply chain attacks can be a lucrative attack method for cybercriminals due to the knock-on impact a breach can have on multiple targets and represents an area of risk that organisations must factor into detection and prevention strategies,” he said.
A good start would be to update infrastructure. Many SMEs use on-premises servers, which can be vulnerable if not maintained properly. An attack on an on-site server can leave an entire supply chain at risk. Switching to server hosting on the cloud can have security benefits. Many cloud hosts use two-factor authentication by default, so that if a password is compromised, hackers still need a secondary code sent to a phone or email. Advanced security software can detect threats as they take place, and with regular back-ups lost data can be recovered. All these benefits can be had with on-site servers but require IT help to set them up.
Remote hosting has productivity and organisational benefits, and can empower remote working. It allows users to access all software and functionality on any computer or smart device.
Hosting on the cloud can also be better for the environment. On-site servers can emit 975 kg of CO2 per year if the company doesn’t buy its electricity from a renewable supplier; some hosting services run on renewables and take that figure down to zero.
Matthew Smith is sales manager at Grosvenor Systems.