Prevention is key weapon in fight against cyber attack
As cyberattack incidents become more sophisticated, there is a consensus that it will not be ‘if’, but ‘when’ a situation arises, says Joanna Goddard
Cyber-attacks are on the rise. In the past few weeks, hackers brought down the entire IT network of Waikato District Health Board in New Zealand that led to surgeries being postponed and emergency operations cancelled at public hospitals.
Indeed, this crippling attack was just one among a slew of daily cyber assaultshittingnewzealand'shealth and hospital network in recent months, according to the country’s Ministry of Health.
In recent days, we read about a ransomware assault on Ireland’s health network where hackers stole health data of thousands of patients, the ramifications of which are yet to be fully realised. Another recent attackshutdownanimportantunited States fuel pipeline last month. Hackers are increasing their cyberattacks on public health and corporate entities across the world, but these attackers are prepared to hit any business, large or small, so why do businesses not make this a priorityandtreatcyberresilienceinmuch thesamewayasitdoeswithitshealth and safety procedures?
After all a vulnerable and unprotected IT and people infrastructure which doesn’t have the necessary protocols to mitigate against cyber-attack, could very much spell the end of a new business before it properly gets off the ground.
The key word here is ‘Prevention’. The UK Government offers a lot of free guidance and tools, through the National Cyber Security Centre (NCSC) – the cyber division of GCHQ. It has a raft of measures such as a toolkit for company board members which includes ‘Exercise in a Box’ a very useful practice, similar to running a fire drill for your company. Instead, however, you get your team involved in running a mock cyber-attack drill. This will help any business identify any gaps that need to be plugged. It is often lack of staff training that can lead to cyber risk, long before an attack on IT systems causes a problem.
With this support from government, it is now down to each start up to engage with their nearest resilience centre and absorb this valuable support. There is a similar centre in Scotland, The Scottish Business Resilience Centre, also chaired by Paul Atkinson, Chair of Converge, a renowned start up investor.
As cyberattack incidents become more sophisticated, there is a consensus that it will be not ‘if’, but ‘when’ a situation arises. Today’s prime concern in business continuity planning should be about what happens if your management and IT systems go down as a cyberattack takes hold. Would you know who your customers are? Can you contact them? Can you contact your suppliers? Importantly, Can you still access your bank accounts?
Hacking and online fraud are damaging for any firm but for small businesses, particularly start-ups with limited resources, they can be devastating. One shocking statistic is that 60 per cent of small companies go out of business within six months of falling victim to a data breach or cyber-attack. In recognition of this, Converge will be hosting a special session this autumn to help academic entrepreneurs adopt strategies for fighting cyber threats.
Joanna Goddard, Director of Programmes, Business Resilience International Management (BRIM) and Board Member of Converge.