The incidents to which I refer are those affecting Carphone Warehouse and Ashley Madison. Carphone Warehouse is a prominent retailer of mobile phones and associated contracts. Ashley Madison is a dating website for married individuals looking to have an affair.
The magnitude of these incidents is significant. 2.4 million individuals’ personal details were stolen in the Carphone Warehouse breach, along with 90,000 payment card details. Ashley Madison has an estimated 1.2 million users in the UK, many of whom may now be wide open to third-party extortion attempts or more pressing first-party marital mediation.
Putting those figures into context: there are roughly 52.5 million people over the age of 15 in the UK, and roughly 18 million married couples. That means that as a result of just these two incidents:
- 1 in 22 UK residents may suffer payment card fraud or identify theft as a result of the Carphone Warehouse attack.
- 1 in 15 UK marriages may be irreversibly affected as a result of Ashley Madison’s user database being made public.
Consequently, you, or someone you know will probably be affected by one or both of just these two lapses in cyber security.
Carphone Warehouse and Ashley Madison maintain strict security controls to reduce the likelihood of such incidents, yet they still happened. Both are suffering significant costs and reputation damage as a result. Both will contend with the repercussions for a long time to come. These organisations may now have to argue in court whether they could have done more to protect this sensitive information.
How many other organisations, large, small, public, private or charitable, hold your personal information? How many hold your organisation’s confidential data? How long will it be before these firms, too, are breached? How long will it be before your own organisation suffers a similar fate…?
The wider business community urgently needs to learn from the pain these incidents are causing. Every Director of every company needs to look in the mirror and ask some difficult questions:
- Is our company vulnerable to a cyber security incident, and how can we possibly check?
- Where is our data held, by whom, and is it appropriately secured?
- Could our company survive the cost of an incident, or even two incidents in quick succession, and are we taking cyber security seriously enough?
Similar incidents are occurring in smaller UK firms on a daily basis. These incidents often go under the radar, never reaching the press, because the affected companies are afraid to openly admit something has happened. They realise the consequences of an incident’s publicity could result in significant loss of business, or even closure.
Regardless of whether you are a Golf Club or a Haulier you will hold data of value to a malicious individual or group. Taking the example of a Golf Club, a malicious individual can pretend to be the Golf Club and offer fake pension financial products to members. Trust in the golf club’s name can easily be “piggybacked” by a scammer; all that’s needed is members’ names, a little background to establish trust, and confidence to commit the fraud.
The list of malicious opportunities for confidential data is near endless. These opportunities are increasingly attractive as the data can be, in many instances, so easy to acquire.
At first glance cyber security can appear overwhelming. There’s no avoiding the fact that it is a broad and complex set of risks. It is a multi-discipline issue touching nearly every aspect of your organisation.
This said, with the right guidance and education, it can be simple to begin to address the issues in a cost-effective manner.
As a parting thought, cyber risk awareness should not be considered optional; rather as a matter of “survival of the fittest” in the modern world.
Cyber AMI (http://www.cyber-ami.com) is a simple, logical approach to cyber security. It is an online training and assessment platform that reveals your exposures and can save you money on Cyber Essentials, among many other benefits. It needn’t cost the earth to understand cyber risk, Cyber AMI makes approaching cyber security affordable and accessible to all.