Seems like you cannot scroll through your Facebook or Twitter news feeds these days without something popping up about the latest hack of someone’s or some businesses private records. (I apologise for not mentioning the online News syndicates but who reads them anyway right?) Of course, as does always happen with repetition in news stories, people’s interest wanes so eventually the reporting on them becomes less and less important. However, in the world of Cyber News, then came along the attack on the Ashley Maddison website run by Avid Life Media. Here was some real news that was worth reporting on, countless people had been exposed as being cheaters, nothing gains more interest than someone else’s infidelity apparently. The details of the hack were not really that important, nor the details as to why it had occurred, rather it was all about the naming and shaming of those that had been caught up in cross fire between a moralistic terrorist and a business that promoted the act of betrayal of one’s spouse.

But in the past weeks, the reporting on this ground breaking event has diminished from our News feeds and once again we have returned to normality. That was until earlier this week when I read that Apple had revealed that despite assertions of having one of the safest operating systems, their App Store was compromised and Chinese users of various apps have had their private data accessed by unknown criminals. Details are sketchy as to what has been accessed and what apps effected, but what has become clear is that this is definitely become an issue that no one, no business, no corporation is immune from.

There is a new term that has caught my attention, perhaps not so new when you’re read up on it. The Internet of Things or IoT for short is billed as the third wave of development in the internet. In short, it encompasses the next phase of the internet’s development which if correct will see the number of things connected via the internet boosted from approximately 3 billion to 28 billion by 2020. Interestingly enough Goldman Sachs in the US was discussing this in September 2014 and within the article which describing the favourable leaps in technology and benefits to our lifestyles, I came across this one statement “Key to watch, privacy and security – a likely source of friction on the path to adoption”

Well, when linking the world of IoT and Cyber Crime I don’t think it’s a case of watching any longer because it is fair to say that the tide has now well and truly come in and if I am not mistaken, there is a 12ft tidal surge coming in with very some stormy conditions for everyone to endure.

Cyber Crime is a business, an illegal one but a business none the less. And as a business, their target markets are not just the larger corporations, they are setting out be very active in the Small to Medium Business as as well. The strategy is very simple, whilst a corporation may be able to afford a ransom of $1,000,000 to $10,000,000 for the safe release of encrypted data and to save their businesses; they are hedging their bets that the small to medium businesses will owner probably fund a ransom of between $50,000 to $100,000. Smaller the business turnover, the smaller the ransom.

So before you now throw your hands up in despair and declare bankruptcy, there are a number of steps that you can take to make it as difficult as possible for an outside intrusion to your business;

• Review the data you hold and identify the critical data that may be of interest to third parties, at least have an idea of what you stand to lose;
• Employee involvement – bring all staff in on the issue of protecting your IT infrastructure. Most forms of Malware or Ransomware are introduced to a system via an unwitting employee.
• Software – investing in software which is constantly updated can be extremely expensive however, with the right IT consultant; it does not have to be. Research the services offered by your IT people and ask what they are doing to ensure the chance of a breach is minimised.
• Cyber Risk insurance – I have left this last deliberately as really I see Cyber Insurance as the absolute last line of defence. If you take all the steps above it will not guarantee safety from attack however it does make it harder. Your Cyber Insurance will take care of the response to an attack including the negotiation with the perpetrators and in required making the required payment to secure the release of your data.

The little known fact is you could be insured for Cyber & Privacy Protection for as little as $700 buying $250,000 of Indemnity!!

So despite all the doom and gloom it is not as bad as it first seems when you can take some pretty easy steps to build up defence from a Cyber Attack. Bring on a world where Cyber Resilience is just as common place as a Facebook or Twitter News Feed.