PrintIT Reseller - issue 64

01732 759725 40 CYBER-ATTACKS ...continued safeguarded itself and its clients for the future. “We have looked at all of our vulnerabilities and we have fixed them,” Ash said, adding: “Our client’s data has an extra level of protection due to the robust processes and systems in place. We can reassure both prospective and existing customers that we can continue to give the best quality of service with no unnecessary and damaging vulnerabilities.” The ISO rating is also key for manufacturers who partner with Altodigital. The accreditation means it is not only protecting its customers’ data, but also the brand name and reputation of its suppliers, such as Samsung, Canon, Lexmark and Sharp. www.altodigital.com Cyber-attacks have a lasting impact on how firms are run Insurance firm Hiscox revealed that 55 per cent of UK firms have faced a cyber-attack this year, up from 40 per cent last year. Yet UK firms spent less on cyber security than firms elsewhere, it found. Researchers at Warwick Business School found that media reports of a cyber-attack led to a stock market shock as investors sold their shares, but this only lasted a few days. However, security breaches did have a lasting impact on the way firms were run, as they typically paid lower dividends and invested less in research and development up to five years after the attack. Yet Chief Executives were no more likely to be sacked following a data leak. On the contrary, they were more likely to receive an increase in total and incentive pay several years after a security breach. Average CEO pay at firms that were not targeted by hackers fell by more than $2 million a year over the same five-year period. Daniele Bianchi, Assistant Professor of Finance at Warwick Business School, said: “Firms that suffer a data breach do not typically respond by firing the management, but by investing more in the existing CEO. At first sight, these results may look puzzling. “However, they are consistent with the idea that the average response is to invest more in the management to address possible structural flaws, as well as maintaining the integrity of the firm in response to the reputational damage it has suffered. In the long run security breaches appear to have a more significant impact on firms’ strategies and policies than their cash flow.” Onur Tosun, Assistant Professor of Finance at Warwick Business School, said: “Incidents of security breaches that reveal sensitive and confidential information can lead to litigation and government sanctions, but also to a loss of competitive edge against competitors through a reduction of resources dedicated to R&D, dividend payments, or investments more generally. “For this reason, companies are often reluctant to reveal information about security breaches due to fear of both short- term and long-term market reactions. However, many firms won’t have a choice with tighter regulations demanding that firms report data breaches within 72 hours. Cybersecurity will therefore become an increasingly important consideration for companies to avoid the damaging fallout once a breach is made public.” www.wbs.ac.uk Severe penalties for failing to protect customers’ data British Airways may have to pay a record fine of £183 million after the Information Commissioner’s Office, deemed the company had failed to sufficiently protect customers’ data against sophisticated cyber-attacks. Richard Cornell, Information Security Manager at Altodigital, said the case highlights the importance of companies gaining the ISO 27001 accreditation for cyber security. “British Airways is being punished for the data breach which happened simply because it lost control of its supply chain,” he said. “A number of third-party suppliers were supporting BA’s website and one of them was compromised, and nobody spotted it.” Cornell said this highlights the importance of doing everything possible to protect customers’ data to prevent attacks and breaches. “Managing the supply chain correctly is vital to ensure everyone in it is doing everything possible to prevent cyber-attacks. If your suppliers have the ISO 27001 they are far more likely to be in control of what they are doing and minimise data breaches. ISO 27001 is a marker to show companies are taking every precaution they can to prevent the malicious and damaging attacks by cyber criminals.” Alex Bransome, Virtual Cyber Information Security Officer at Doherty Associates, believes British Airways could have done more to keep the front end of their data network secure. “According to the ICO report, there were major weaknesses at the front end of British Airways’ data network via its website which is surprising given this is where all business critical data on customers is processed. “It was a very well planned and targeted attack which allowed cyber criminals to skim off customer data and credit card details. BA should have been doing more to monitor, test and update their security systems to ensure there were no gaps in their cyber defence that hackers could take advantage of. “Commonly organisations make the mistake of deploying security systems and then leaving them but this record £183 million fine is a warning shot that the ICO is serious about fining anyone breaching GDPR regulations. To keep the front door secure and personal data protected at all times, companies must regularly run security checks and update their security systems to ensure any vulnerabilities are identified and patched so no gaps are left for cyber criminals to exploit. If not, they are leaving their customers’ data exposed, risking a GDPR compliance breach and major reputation damage,” he warned. www.doherty.co.uk Our client’s data has an extra level of protection due to the robust processes and systems in place Richard Cornell