Cyber attacks are becoming more common and sophisticated in today’s digital world. While you may be thinking that you are unlikely to become a target, unfortunately we are aware of small Financial Advisory firms that have been through this already, so don’t fall for the false sense of security and take preventative action.
A cyber attack is a malicious attempt to steal, expose, or destroy data, disable systems and networks, or breach a system to launch additional attacks. According to the Hiscox Cyber Readiness Report 2022, cyber threat is now seen as the dominant risk to business in seven out of eight countries – ahead of the pandemic, economic downturn, skills shortages and other issues. The report also revealed that, despite the UK having the smallest proportion of firms being attacked, at 42%, the median cost of attacks has doubled to $28,000. These attacks can result in data breaches, loss of sensitive information, financial loss, and damage to reputation. Companies with revenues of $100,000 to $500,000 can now expect as many cyber attacks as those earning $1m to $9m annually. Despite this knowledge, SMEs have significantly reduced their spending on cyber defenses as overall IT spending is lowered. This has come at the wrong time.
According to a 2022 report by Statista, nearly a quarter of companies in the U.S. which have experienced a cyber attack have lost between $50,000 and $99,999. Among the surveyed companies, another 22% reported losing between $100,000 to $499,999. The number and variation of cyberattacks have also been increasing. Phishing attacks have increased by 48% in the first half of 2022, with reports of 11,395 incidents costing businesses a total of $12.3 million. There’s also research suggesting that up to 40% of cyber threats are now occurring through the supply chain. Similarly, as the internet of things (IoT) continues to grow in scope, sophistication and accessibility, it’s becoming an increasingly tempting target for cyber criminals.
According to another study by the CEI, in 2022 ransomware, mobile malware and targeting the IoT were the three growing forms of cyber attacks. Ransomware, which refers to a type of malicious software that, once launched, encrypts data or shuts down access to a computer system until a ransom is paid, accounted for 37% of cyberattacks in 2021.
Therefore, it is essential to understand the threats and to react quickly when threats are detected. Unfortunately, sometimes this may not be enough and the cyber attack may have already occurred. If this is the case, there are certain steps to take to ensure minimal damage to the company. That being said, its vital to work with someone that understands the financial planning profession or at least the financial services sector. An uneducated approach to cyber security can end up being more dangerous than no-approach.
6 steps you need to take in case of a cyber attack
Step 0: If you are not 100% sure, get expert help as soon as possible!
Step 1: Identify the type of attack
First you need to identify what kind of attack you are dealing with. For example, is it a denial-of-service attack that floods your network with traffic, is it a ransomware attack that encrypts your files, or is it a data breach that exposes sensitive information?
Knowing the type of attack will help you determine the appropriate response strategy.
Step 2: Contain the Breach
Most attacks are designed to provide the attackers with a persistent backdoor into your systems, so that data can continue to be extracted over time. It’s important to identify and shut down all access the attackers may have to your system.
Whatever type of cyber attack you experience, your team should promptly move to:
- Disconnect the affected network from the Internet
- Disable all remote access to the network
- Reroute network traffic
- Change all vulnerable passwords and credentials
- Block malicious IP addresses or domains
The key is to completely deny the attackers access to your system. You can then work to return the system to a hopefully more secure working condition.
Step 3: Assess and Repair
Once the attack has been contained, you need to determine how the attack happened, which (if any) critical business functions have been compromised, what data has been affected by the breach, which systems have been illicitly accessed, and whether any unauthorised entry points remain. Systems may need to be reinstalled, compromised data may need to be restored from backup copies, and any damaged hardware repaired or replaced. This type of work should be conducted by a seasoned IT professional only.
Step 4: Report the Attack
We advise reporting the attack to the NCSC . In some instances they can help with your recovery process.
You should also consider if any other professional bodies and stakeholders need to be notified such as the Information Commissioner’s Office (ICO) or clients.
Step 5: Communicate with Clients (if relevant)
It’s important to consider how best to manage the impact of the event on others. If the attack impacted any client data, you will need to:
- Inform them about what data was affected and what actions they need to take (such as changing passwords or monitoring accounts)
- Apologise for any inconvenience or harm caused by the attack
- Reassure clients about what measures you have taken or are taking to prevent future attacks
- Provide contact information for further assistance or inquiries
Step 6: Learn from the Experience
Finally, your organisation needs to learn from the experience. Do a thorough investigation and determine how to change your systems and procedures to ward off future attacks. Use this incident to get smarter and stronger about your company’s cyber security.
Potential consequences of a cyber attack
🔴 Loss of reputation: data breaches like the ones that happened at Equifax, Target, and J.P. Morgan Chase — each of these companies lost their clients’ personal data, including social security numbers, bank account information, and credit card numbers. Losing the trust of your clients can make it difficult, if not impossible to recover your reputation following a data breach.
🔴 Loss of productivity: when malware is deployed into a business, operations can be shut down by a minimum of hours up to days and weeks. According to a Statista report, in 2021 the average length of interruption after ransomware attacks on businesses and organisations in the United States was 20 days. This was an increase of 5 days from 2020. This means that for those 20 days companies show less than 100 percent productivity or experience some material interruption as a result of a ransomware attack.
🔴 Financial loss: whether its paying a ransom, the shut down of operations, the average cost of a data breach for a small to medium-sized business is $117,000 according to a report from Kaspersky Labs.
Prevention is better than cure
The best way to deal with cyber attacks is to prevent them from happening in the first place. Here are some simple preventive measures you can take today:
✅ Limit employee access to data and information that they need for their work. Use strong passwords, multi-factor authentication, encryption, and access control policies.
✅ Regularly update your software with the latest security fixes and features that can help you detect and block malicious activity.
✅ Install and activate software and hardware firewalls on all your business networks. Firewalls can filter incoming and outgoing traffic based on rules and criteria that you set up.
✅ Use antivirus software and malware scanners on all your devices. Scan your files regularly for viruses, worms, ransomware, spyware, adware, etc. that can infect or corrupt your data.
✅ Complete your Cyber Essentials or Cyber Essentials Plus Certifications. These are the set of basic technical controls organisations should have in place to protect themselves against common online security threats.
✅ Consider taking out Cyber Insurance if you haven’t got it already
✅ Educate your employees about cyber security awareness. Train them on how to recognise phishing emails, avoid clicking on suspicious links or attachments, report any suspicious activity or incidents etc.
For cyber resources and training head to:
- Hiscox CyberClear Academy is an online interactive suite of cyber training content, made up of nine learning modules.
- The platform features diagnostic assessments to test existing knowledge and ensure that training is tailored to specific knowledge gaps.
- There is a mixture of videos and interactive material, as well as refresher modules to help keep cybersecurity front of mind.
- The course is accredited by GCHQ, the UK’s intelligence agency responsible for cyber security.
- NCSC have launched a campaign, Cyber Aware, to raise awareness among small businesses, microbusinesses and sole traders.
- They provide two flagship services designed to help millions of UK small businesses stay secure online and protect their livelihoods:
- The Cyber Action Plan can be completed online in under 5 minutes and results in tailored advice for businesses on how they can improve their cyber security.
- Check your Cyber Security can be used by any small organisation and enables non-tech users to identify and fix cyber security issues within their businesses.
3. ATEMA IT Webinar on Phishing attacks
- On Thursday, 13 April 2023 at 11:00am ATEMA is running a “How To Spot A Phishing Email” webinar in response to the drastic increase in sophisticated phishing emails being sent.The webinar will explore common social engineering tricks attackers use and how to spot them and dive into the business impacts phishing emails have and how best to react when something does go wrong.
- Register for the webinar here.
Written in collaboration with Atema Ltd.