Why every UK manager should fear a data breach

05 June 2015 -

“Breach

A devastating cyber attack on a US government agency has highlighted the importance of data security in organisations of all types

Jermaine Haughton

“Our Avios account was hacked and two rooms for three nights in Spain were booked with my name as lead traveller and two Russian-sounding names booked alongside,” seethed a March chatroom post by a member of British Airways’ Executive Club. It is the sort of comment that no manager would want to see about their firm – let alone an elite service such as BA’s top-flight business package. “We called BA,” the post continued, “which froze our account and cancelled the booking, [then we] called the hotel and … the front desk agent thought we wanted to speak with Dimitri and Olga as well as the local police (good thing we speak Spanish).”

Flash forward to today, and data breaches are once again high on the agenda, with Chinese hackers thought to be behind the reported theft of personal records on around 4 million US government workers, following a cyber attack on the Office of Personnel Management. According to an anonymous US official, the hackers – said to have links to the Chinese government – stole files on current and former Federal employees late last year, and the sensitive details could be used to target vulnerable individuals for the purposes of bribery, blackmail, and entrapment.

The startling development recalls last year’s highly embarrassing cyber attack against Sony Pictures – repercussions of which rumbled into this year when co-chair Amy Pascal stepped down, following copious revelations about snide comments she had made about Sony-hired actors in her hacked emails. With the vast majority of businesses currently storing their communications, staff information and confidential company data on web-linked servers or cloud platforms, the need for businesses to protect those assets is only intensifying.

In the same week as revelations emerged of the US attack, this year’s edition of the UK Information Security Data Breaches Report from PwC has shown that:

60% of small businesses were affected by cyber attacks in 2014

90% of large firms suffered similar problems

Hacks cost between £65,000 and £115,000 in 2014 compared to between £35,000 and £65,000 in the previous year

Malicious software is the main device used to unlock company IT systems, with 45% of small businesses rocked by viruses from malware in the past year

Despite all this, a YouGov survey – also released this week – suggests that the data-security message has yet to sink in for both growing and established firms. YouGov stressed that a careless approach from employees towards their distribution of personal details on social media has made many companies ill-equipped to tackle cyber threats successfully. More than half (54%) of respondents admitted they would connect with complete strangers on social media, while 56% have not set up access controls on their social media channels. Gender also plays a role, according to the study: more than 50% of females surveyed said they had set up privacy settings that allowed only certain people to see their full profiles – compared to just 36% of male employees.

Tom Court – cyber crime researcher at data-security specialists Alert Logic – commented on the US breach: “Attacks against high-profile targets such as this require the adversary to possess the means, a motive and be given an opportunity to strike. In this case the attacker was a group of skilled hackers who had previously demonstrated they had the means by launching a similar attack against the same target in March last year. The motive is clear and should be a red flag to all organisations that hold large amounts of personal data.”

He added: “This information is fast becoming a currency that cyber criminals trade in, and should be treated with the same degree of care as financial data. A large organisation with potential IT and security budget constraints presents an opportunity to would-be attackers. Nevertheless, once additional expertise was brought in, the breach was quickly discovered and remediated. This underlines the importance of continuous network monitoring to uncover anomalies before they become headlines.”

For previous Insights coverage of data breaches, click here and here.

Find out how managers rank cyber threats as a hot-button issue in CMI’s CEO Challenge infographic.

Powered by Professional Manager