The Herald

Firms ‘must do more’ to combat threat posed by cyber attacks, regulator warns

- Martyn Landi

ORGANISATIONS need to do more to boost their cybersecurity and protect the personal information they hold in the face of the growing threat of cyber attacks, the data protection regulator has said.

The Information Commissioner’s Office (ICO) said that its own data showed that more firms than ever were experiencing cybersecurity breaches and it has now published advice around common security mistakes to help firms avoid such situations.

The ICO said more than 3,000 cyber breaches were reported to it in 2023, with the finance, retail and education sectors reporting the most incidents.

The regulator’s intervention also comes in the wake of a high-profile attack on the Ministry of Defence (MOD).

Hackers targeted a third-party payroll system that holds personal data – including names, bank details and some addresses – of service personnel and some recently retired veterans.

The ICO said it was vital that businesses had the “foundational controls” in place to prevent cyber attacks targeting their systems.

Stephen Bonner, deputy commissioner for regulatory supervision at the ICO, said: “People need to feel confident that organisations are doing as much as they possibly can to keep their personal information secure.

“While cyber attacks are growing more sophisticated, we find that many organisations are not responding accordingly and are still neglecting the very foundations of cybersecurity.

“As the data protection regulator, we want to support and empower organisations to get this right. While there is no single solution to prevent cyber attacks, there is absolutely no excuse for not having the foundational controls in place.

“These are essential to protecting people’s personal information and we will take action, including fines, against organisations that are still not taking simple steps to secure their systems.

“If you do experience a cyber attack, we always encourage transparency as your mistakes could help another organisation to avoid a similar breach.”

The ICO’s new report, entitled Learning from the mistakes of others, includes advice for firms on how to understand common security failures and take simple steps to improve their own security.

It includes guidance around what the ICO says are the five leading causes of cybersecurity breaches.

They include phishing scams and brute force attacks where hackers use trial and error to guess log-in details.

Other techniques used are denial of service attacks, where hackers flood a site with traffic to knock it offline, security setting errors and supply chain attacks.
