Are you on the cyber frontline?

With security services believed to be on standby for Russian cyber attacks and the UK nation media reporting that the UK is ready to retaliate, should we be worried where this all heading? Throw in the imminent launch of the General Data Protection Regulations (GDPR) next month and the story that a casino has been hacked through a thermometer in their fish tank – it’s clear that the stakes have never been higher as we grapple with the security implications of ever more connected devices.

There is the temptation amongst small businesses to think that “we’re too small to be of interest to hackers” and that the implications of GDPR are overblown and will come to nothing. The reality is that a significant proportion of cyber attacks are indiscriminate, they are not looking for ‘big business’ – but weaknesses.

Several years ago as a CTO of a small commercial website I set up an alert for a specific kind of attack – SQL injection – which is a way of attempting to hack into the database behind a website; I was immediately inundated with alerts all day, every day, with attacks originating in China, Russia, Africa. That was probably 10 years ago and they say the level of attacks are increasing exponentially.

If you look at the logs of your average router, which is effectively the doorway between your house or business and the internet, you will see a constant barrage of requests from the internet looking for open ports or weaknesses. Add in the Internet of Things (cctv, printers, tills, Alexa, etc) and the number of potential entry points for hackers keeps growing.

Should we be worried? I personally think businesses should be working on the basis of not if, but when they are affected – but taking on board GDPR in many ways should help us minimise the risks.

Although the recent Facebook/Cambridge Analytica fallout was not an incidence of being hacked, it still demonstrates the potential negative effect of not taking your customer data seriously. If you haven’t started looking at what data you hold, why you hold it and ensuring that access to it is appropriate, now is the time to start.