In the course of 2018, British companies faced an increase in both the scale and complexity of cyberattacks.
Given how the threats evolved over the year, three cybersecurity experts gathered in Manchester for a UKFast webinar to discuss the year's biggest breaches and what British companies can learn from them.
The panel included Annabelle Gold-Caution, Associate with European law firm Fieldfisher; Paul Mason, Specialist in IT security, education and training at cybersecurity firm Secarma; and Noha Amin, Information Security Awareness Manager at TalkTalk.
Morrison's
In November 201
Annabelle Gold-Caution said, "The risk that business owners are held responsible for data breaches caused by employees must be reflected in security policies and reduced by implementing strict data access rights."
The experts recommend that business owners implement policies that grant access to corporate data on a least-privilege basis, which reduces the number of people with access to critical data and the risk of unauthorized data exchange.
Noha Amin added, "Everyone now pays more attention to their personal information and people are very vigilant, as highlighted by the Morrison employees whose data has been leaked.
"Employees demand compensation for their plight. And this type of litigation is becoming more common if companies do not mitigate all possible risks to protect employees and consumers."
Reputational damage is a serious side effect of data loss for many organizations. The tech giant Facebook reported two major data breaches in 2018, caused by exploited network vulnerabilities.
The first breach alone, Cambridge Analytica, involved more than 1 million users in the UK and nearly 90 million cont
The company's reputation has suffered irreparable damage as a result, with one in 20 Britons and millions around the world deleting their accounts after the second breach was made public.
Paul Mason said: "When news of the second Facebook data breach hit, the company's stock price fell 6% in just two hours.
"Although data can be obtained with good disaster recovery strategies, the reputation is not so easy to recover. This is a serious reminder for business owners to keep their networks up to date, updated and regularly tested to be one step ahead of those willing to take advantage of it."
Annabelle Gold-Caution also commented on the lesser-known impact on companies and their teams.
She said, "An often-missed element of reputation damage is the impact on a company's own employees – the internal team is often given priority when managing external PR activities.
"Employees with participation (e.g. stock options) may be particularly worried about the impact on the stock price. Lack of transparency can lead to significant losses in internal morale, especially for organizations with a strong mission statement."
Noting that not all breaches are due to hackers, Mason also reflected on the TSB case of April 2018, where the bank failed to securely migrate data from one system to another.
The switch prevented more than 400 users from accessing their own accounts, and many were able to see details of other users' accounts. The leaked data was then exploited by fraudsters claiming to be TSB investigators, and some clients were cheated out of £30,000.
Mason commented, "It's not just data that violates GDPR legislation; Lloyds could not give its consumers three basic data rights: availability, integrity, and confidentiality. This is a grave violation of data protection laws."
He added, "It is extremely important to deploy systems before they go into service, especially when moving large amounts of data. Even the smallest disruption could have huge consequences if you have not considered all possible scenarios and how they can be resolved quickly to avoid problems that affect your customers.
"The TSB could pay substantial fines from the Information Commissioner's Office and the Financial Conduct Authority for a presumably innocent error.
"Businesses need to ensure that they always protect their consumers' privacy rights, face potential fines, and lose the trust of their customers."
The amount of the fines to be imposed on the bank under GDPR legislation remains to be confirmed.
The cases of Morrison, TSB and Facebook show that the effects of data breaches can be very damaging and unpredictable in a landscape where data is rapidly becoming one of the world's most valued currencies.
We will certainly see a continuing stream of cyber attacks and data breaches in 2019. With the new year around the corner, will companies learn from the misfortunes of companies in the public eye? Only time will tell.
The comments were made at a recent UKFast webinar.