Protecting yourself: the economics of cyber security - Blog | Novosco
Blog

Novosco Blog

Expert opinions and experience from Novosco, one of the UK and Ireland leading managed service providers.

Protecting yourself: the economics of cyber security

Protecting yourself: the economics of cyber security

There can be few businesses left in the UK and Ireland who haven’t had to factor Cyber Crime into their considerations in recent years. Whether they've become victim to such crimes already or have taken steps to prevent an inevitable attempt on them, one thing's for sure – ignoring it isn’t an option.

The National Cyber Security Centre’s (NCSC) annual report this year highlighted the increased prevalence of such crimes, “criminals are launching more attacks on UK businesses than ever before,” was the summary accompanying the report.

The Institute of Directors put the cost of online fraud and cybercrime in the UK at over £11bn in 2016, and a survey by the FSB states that the UK’s 5.4 million small business are collectively attacked more than seven million times a year.

Ireland has worked hard over several years to position itself as a global tech hub, and with many Silicon Valley giants setting up their European bases in Ireland, it is surely succeeding. This technology wave hasn’t prevented cybercrime in Ireland being double the global average, with four out of ten organisations failing on risk assessments.

According to PwC figures, 66% of Irish firms lost up to €810,000 through cybercrime. Furthermore, seven out of ten firms spent more on subsequent investigations and mitigations than they initially lost to the cybercrime itself.

Statistics on the subject are many, but all eyewatering.

The NCSC recommendations for businesses echo that of Novosco’s security experts:

  • Deploy security patches when they become available
  • Adopt an ‘always-on’ antivirus solution – one that runs infrastructure-wide
  • Conduct regular vulnerability scans (and act on vulnerabilities identified)
  • Configure access for users, devices, and services on a ‘least privilege’ basis
  • Establish configuration control and management protocols

It’s understandable that conducting business in the modern digital age can be daunting for people and organisations alike. Whether it’s Ransomware or Phishing, DDoS, identity theft, hacking, or something else, there are clandestine groups and people out there working on the latest new ways to get what they want.

One quite incredible development recently has been that of ‘ransomware as a service’ – these are, for all intents and purposes, organisations whose entire business model is built around supporting the bad guys to succeed.

Take ‘reFUD’ – a ‘Counter Antivirus’ service which charged a monthly (or lifetime) fee for cyber criminals to test whether their malicious tools would defeat various antivirus solutions. These organisations are not the stereotypical ‘awkward teenagers in their parents’ basement’ – they offer full-package services, including, believe it or not, technical support lines, as discussed in Novosco's recent webinar with Fortinet on Zero Day Threats.

Somewhere right now there are cyber criminals phoning premium rate phone numbers to troubleshoot issues they’re having with deploying their malevolent software against the same types of antivirus that you may well be operating on your system right now.

Long gone are the days when a firm could go from free-trial to free-trial of antivirus software and hope this was enough. Whilst small organisations can’t respond in the same manner as a multi-national, and it is indeed a question of scale, doing-nothing isn’t an option.

When you and your organisation are up against these types of shady efforts, it’s essential that you arm yourself in kind. The annual global cost of cybercrime is as much as $1.5tn – to put that in perspective, the global perfume market was worth $37bn. Europol have said that cybercrime is now more profitable than the global trade in marijuana, cocaine, and heroin combined.

Cyber Security requires an always-on approach, a wide-range of specialist skillsets, a deep understanding of the technologies in play, and an understanding that sometimes it’s about what to do after an attack.

If you’re interested in speaking with Novosco’s security experts about our Managed Security Services or any of our other solutions that are trusted by public and private sector organisations in a wide range of industries across the UK and Ireland, get in touch. It’s never too early, but it can be too late.

Managed Security Services

10 Minutes with... Victoria Johnston, Cloud Camp g...
10 Minutes with... Jacqui Kennedy

Blog Categories