The cost of cybercrime is high! No news here; I think everyone knows that. Many studies have been published showing that the cost of cybercrime is high and getting higher each year. Still, when a company publishes its latest quarterly financial results, you can’t help feeling surprised (or even shocked) by the true cost of cybercrime.
Remember TalkTalk? They are the telecoms company that suffered an attack last year in which personal information and credit card information of some of their customers was stolen. The latest Q3FY16 trading update from TalkTalk now reveals the cost of this attack:
- Total cost of cyber-attack was £60m
- Of which trading impact is £15m;
- And exceptional costs £40m-£45m
Reading the Q3FY16 trading update from TalkTalk, it is quite interesting to see that the way you choose to communicate and be transparent after a cyber-attack can actually help your brand.
Dido Harding, TalkTalk CEO: “In fact trust in the TalkTalk brand has improved since just after the attack and consideration is higher now than it was before the incident.”
Perhaps you are thinking this only happens to the big companies. My company is small and does not really have a lot to steal so it won’t happen here.
In reality, every company has information that a cybercriminal can turn into a profit, such as personally identifiable information (PII), credit card information, customer information, intellectual property, etc. Sometimes you might hold information that can be used to break into another company, for example VPN access codes, or information that could be used to intercept the transport of valuables or information.
The other reality is that cybercriminals often prefer to target small companies instead of large ones. Yes, there might be more “street cred” in a large, well-known brand, but more often than not it is far easier to breach a small company that might not have invested in any cyber defence of significance.
So how can businesses protect themselves?
Government initiatives such as Get Safe Online provide lots of advice on staying secure, as well as links to useful anti-virus tools. There is also Cyber Essentials, the UK Government scheme that could prevent around 80% of cyber-attacks.
ISO 27001 is another obvious choice. This international standard helps to establish controls that aid in the prevention of cyber-attacks, as well as controls that enable detection, response and recovery capabilities.
Compared to the cost of doing nothing, the cost of these various programmes is insignificant.
At JSC Consultant, our approach is:
- All our Senior Consultants have an extensive background in business
- They also have many years of ISO 27001 training, assessment and implementation experience
- No project is the same and hence time is spent understanding the specific situation of the client
- Projects typically include a thorough gap analysis and risk assessment as input for the system design
So if you are considering ISO 27001, call us now to discuss how we can help you design and implement a great ISO 27001 compliant Information Security Management System and avoid all the pitfalls.