Xyone Cyber Security co-hosted an executive roundtable to discuss pressing cyber security concerns on June 13th in Manchester, alongside IT service provider summ.it and insurance broker A&B. Attending were subject matter experts such as Det Ch Supt Neil J. Jones, Police Lead at the Manchester Digital Security Centre, alongside SME owners and IT professionals representing sectors ranging from legal to retail.
Some attendees were clearly surprised to discover the true scale of the cyber threat facing them, with the average cost of a cyber attack for an SME currently around £65,000 and well over half of UK businesses expected to experience at least one breach per year. 2 out of 3 small businesses are not able to recover from such an attack and are forced to fold.
Attendees were understandably keen to hear how they could protect themselves and their businesses. Luckily, the experts present had a number of simple solutions to offer. Firstly, business owners were advised to prioritise and integrate cyber security within their business thinking and to never take it off the table. Secondly, a range of potential services were detailed.
These services included Xyone’s Manipulate social engineering vulnerability assessment, and Xyone shared two recent stories from the service. In one instance, determining as little as a target employee’s nickname and work pattern (via some brief online searching) allowed our consultant to convince a law firm’s finance team to amend payment details over the phone. In the other, a mock phishing email was sent to all employees of our client requesting usernames and passwords for an ‘IT update’, and over 200 responded with the information requested (including managers unaware that the test was taking place).
The roundtable concluded with three key pillars that must be considered when implementing any cyber security strategy:
- IT Support – should it be internal, external or a combination of the two?
- Cyber Security certification – ensuring that you align with Cyber Essentials as a minimum, and demanding the same of your entire supply chain
- Cyber Insurance – do you have coverage, and do your procedures and policies adhere to your agreement if so?
In addition, the two main sources of risk were identified as employees (whether through falling for phishing emails, disclosing sensitive information on social media, using weak authentication, etc.) and supply chains, which can greatly increase your vulnerability and risk exposure as they expand.