and British businesses can’t afford to ignore it
As I wrote here at the beginning of last December, 2015 will surely be seen as the year of the big data breach: high-profile breaches at Ashley Madison, Carphone Warehouse, Talk Talk, Hilton Hotels and J D Wetherspoon made headlines. And rightly so, as the personal details of some thirteen million people were compromised in those few breaches.
And while some of those breaches were conducted by sophisticated ‘cyber pirates’, others were accomplished by disaffected teenagers.
Other data breaches, such as that suffered at Morrisons, which compromised the personal details of some 100,000 Morrisons staff, were deliberate: in that case, the act of an employee ‘with a grudge’.
While the board of Talk Talk concede the cost of remediating their attack to be ‘no more than £35 million’, the relatively small Morrisons breach cost around £2 million to resolve.
Anthony Hilton, writing in the London Evening Standard (here), described cyber crime as a “threat that British businesses can’t afford to ignore”.
Hilton cites a study by the Centre for Economic and Business Research that suggested that 60% of surveyed businesses were ‘confident that their security would keep an attacker at bay’. Brave words when you consider a survey by PwC suggesting that ‘90% of large companies and 74% of small companies had experienced some kind of breach in the previous 12 months, and most had experienced more than one – the average was four’.
The CEBR survey also suggests that 14% of companies have never had a board briefing on cyber security, and 32% have never prepared a formal risk assessment.
Clearly, for companies that process payment card data, the PCI DSS standard demands an annual risk assessment and incident response plan. Better still, outsource any card processing to a company that can demonstrate that they’re already PCI DSS certified.
As I suggested here a month ago, if you take the position that a data breach or cyber attack is to ensure that you don’t store anything that could be of value to the hackers. Obviously, any customer or employee data could be used in social networking, as we heard stories of Talk Talk customers being contacted by ‘agents’ seeking account details for refunds. But all that takes effort; the hackers are looking for the quick win, the card data.
Once again, consider outsourcing your card payments and keep the data out of harm’s way.
We can help, get in touch.