Each week, Cybersafe.co.uk will be updating you on the latest cyber attacks threatening the private and sensitive data of businesses all over the UK. As technology evolves, so do cyber criminals and their methods of attack. If your company does not have the right cyber security processes in place, it runs a serious risk of cyber attackers infiltrating its network and data. The results could devastate your business if your data falls into the wrong hands. Whether it be paying a ransom which could cost you a fortune, losing all your data and not being able to recover it, a fine due to GDPR breaches, or reputational damage, all of these effects could have a severe impact on how (and if) your business will be able to move forwards. 

11th April 2024 – Below, we update business leaders on what you and your employees need to look out for when assessing cyber threats to their data.

Vet firm CVS hit by a cyber attack – exposing customer data

Veterinary group CVS recently experienced a significant cyber attack, resulting in notable disruption, particularly to its UK operations. While the company hasn’t disclosed the accessed data, it has alerted authorities due to the potential risk of personal information exposure. CVS swiftly took action, restoring IT services across most of its global network, though some systems remain less efficient.

The company was reactive in its approach to the cyber attack. It initiated a temporary shutdown of IT systems upon discovery and prevented further unauthorized access. While UK operations were disrupted, international branches remain unaffected.

The incident has been reported to relevant authorities, including the ICO, which is currently assessing the situation. CVS is accelerating plans to transition its IT infrastructure to the cloud, which may impact operations for several weeks alongside enhanced cyber security measures. It is all part of the company’s mission to become Cybersafe and restore credibility from customers and potential customers alike. We discussed the importance of the impact a cyber attack can have on the reputation of a company in our latest Cybersafe Digest podcast.

Half of UK businesses experienced a cyber attack in the past year

A lack of knowledge and implementation of cyber security processes is a disaster for UK businesses!

A recent survey by the UK government reveals alarming statistics regarding cyber attacks on businesses. It found that half of UK businesses experienced a cyber attack or security breach within the past year, with medium-sized businesses being the hardest hit, comprising over two-thirds of the affected entities. Even charities weren’t spared, with nearly a third experiencing incidents.

Phishing attacks, the predominant threat, targeted four out of five businesses. This is a clear indication of the immediate threat businesses face. A significant portion experienced impersonation tactics by cyber criminals. Additionally, nearly one in five businesses fell victim to malware or virus-related breaches, highlighting the shift towards less sophisticated yet effective methods by cyber criminals.

While the lack of awareness and adherence to cyber security standards among businesses is concerning, there are signs of improvement. More businesses are updating malware protection, restricting administrator rights, implementing network firewalls, and enhancing procedures for dealing with phishing emails. This proactive approach to cyber security is crucial in reducing the risk of cyber attacks, and a lot of businesses are using Managed Cyber Security companies to help them ensure they are implemented correctly. However, those neglecting these practices remain at a higher risk.

The survey also highlights the need for more awareness of government guidance on cyber security best practices, such as the 10 Steps to Cyber Security and the Cyber Essentials standard endorsed by the National Cyber Security Centre. This underscores the urgent need for businesses to prioritise cyber security education and implementation to safeguard against evolving cyber threats.

Data breaches are no longer encrypted but are even more dangerous to businesses

Businesses are facing a growing need for heightened vigilance due to a new method of cyber attack. Well, it’s not new; it’s old, but it is now modern and a more significant threat to businesses than before. Read on to see why an encryptionless data breach is so dangerous for companies and what companies need to look out for to become Cybersafe.

A significant trend emerging is the evolution of ransomware and data breach techniques, particularly the rise of encryption-less attacks. Unlike traditional ransomware, these cyber attacks involve stealing data without encryption but extorting money from companies by threatening to expose or replicate the stolen information. As a result, these attacks pose not just financial risks but also reputational risks for businesses.

Ransomware attacks are often orchestrated by organised cyber criminal groups operating as profit-driven businesses. Opting for encryption-less attacks provides financial advantages, eliminating the time and resources required for encryption and decryption processes. Moreover, encryption-less attacks allow hackers to selectively target valuable data quickly and efficiently. The complexity and technical expertise required for encryption-based attacks further incentivises the adoption of encryption-less tactics.

Businesses must strengthen their cyber resilience to counter the triple threat of ransomware, encryption-less attacks, and DDoS cybercrime. A holistic approach that includes education, collaboration, and advanced cyber security tools is also essential for detecting, preventing, and recovering from cyber attacks. There are many methods that help companies become cybersafe, and a proactive approach is the first step.

These measures are necessary for businesses to remain vulnerable to the threat of cyber threats. Organisations must now take control of their data security to safeguard against the escalating risks of modern cybercriminal tactics.