Cyber: basic security controls will prevent 80% of attacks

Published on Wed, 23/10/2019 - 16:43

Cyber-resilience can seem like an unattainable goal, but there are simple and effective measures available to all businesses, big and small, says Tiago Dias of FM Global.

As cyber risk constantly changes to incorporate new methods of attack, it can seem daunting for businesses to continually detect and protect against it. With more than £190,000 lost by victims in the UK each day to cyber attacks, cybercrime remains a lucrative business for criminals and malevolent actors, and shows no signs of slowing down.

This presents a problem for businesses. While cyber continues to pose a risk, greater connectivity and digitisation also create many opportunities within almost every industry. Risk managers must therefore balance the risks and opportunities that cyber provides. Building cyber resilience will allow businesses to continue benefiting from technological innovations, whilst simultaneously reducing the risk of a successful cyber attack.

Cyber criminals do not discriminate

Unfortunately, many businesses fall victim to cyber attacks because of poor basic cyber hygiene combined with the common misconception that only large businesses are targets. However, cyber criminals rarely discriminate when launching an attack, and the havoc caused is often motive enough. It is therefore vital that businesses of every size, and within all industries, prioritise cyber security.

Building cyber resilience in the face of an ever-changing risk landscape can seem like an unattainable goal. However, while cyber risk may be relatively new, tried and tested risk management strategies have proved to be effective against cybercrime.

The most important step in building resilience is for businesses to have a clear understanding of their level of risk in a cyber context. By conducting a thorough assessment of a business's cyber exposures, risk managers acquire a clear overview of the current risk level within the business. They will then be able to target vulnerabilities within the business, effectively building defences against future attacks.

Phishing is the biggest vulnerability

Cyber security is no longer only an issue for IT staff, as all employees are being increasingly targeted by cyber criminals. Phishing, which is defined as "a cybercrime in which a target or targets are contacted by someone posing as a legitimate institution to lure individuals into providing sensitive data", remains the most effective way for cyber criminals to gain entry into businesses. So another important step is to train all staff to be aware of cyber threats and to know how to recognise and deal with a potential cyber attack. In this way, businesses can successfully prevent a huge number of cyber attacks.

Fortunately, building cyber resilience does not have to be a demanding task for risk managers. Given that 80% of cyber attacks would be defeated by basic security controls, it is clear that a few relatively simple risk management steps, coupled with a responsive insurance programme should the worst happen, can make a real difference.

Tiago Dias is cyber consultant at FM Global