TSG Cyber Control: Strengthening your security for your IT environment

Cyberattacks on businesses have become a prevalent and growing threat in recent years, including in the UK. These attacks can have severe financial, reputational, and operational consequences.

Here are some examples of notable cyberattacks in the UK over the last three years, highlighting the importance of cyber protection:

SolarWinds Supply Chain Attack (2020): While SolarWinds is an American company, this massive supply chain attack had global implications, including in the UK. Hackers compromised SolarWinds’ software updates, allowing them to infiltrate the networks of numerous organisations, including government agencies and businesses. This incident emphasized the vulnerability of supply chains and the need for robust cybersecurity measures.

Royal Mail ransomware attack (2022/23): It began in November of 2022 when the Emotet malware was detected on Royal Mail servers. Then in early January 2023, Royal Mail was subject to a ransomware attack by an affiliate using LockBit Ransomware-as-a-Service (RaaS). This attack affected a distribution centre near Belfast, Northern Ireland, where the printers began printing the ransomware gang’s demands. The attack mainly affected international deliveries, and early advice was to use alternate carriers. The UK government declared Royal Mail part of the nation’s Critical National Infrastructure (CNI), so the National Cyber Security Centre (NCSC) and other UK agencies will likely become involved early.

EasyJet Data Breach (2020): In May 2020, EasyJet, a prominent UK-based airline, disclosed a data breach that exposed the personal information of approximately 9 million customers. The breach resulted from a cyberattack, highlighting the potential legal and reputational consequences of failing to protect customer data. JD Sports (2023): Confirmed in January 2023 that it had leaked the personal information of 10 million customers. The fashion retailer said the breached information included names, billing and delivery addresses, phone numbers, order details and the final four digits of payment cards of “approximately 10 million unique customers”.

Biggest data breach of 2023 so far: Twitter (220 million breached records) Biggest data breach in the UK: Electoral Commission (40 million breached records) Most breached sectors: Healthcare (229), education (126), public (106)

You need to have cyber protection for several reasons:

Data Protection: Cyber attacks can result in data breaches, exposing sensitive customer information, financial data, and intellectual property. Protecting this data is not only a legal requirement (under GDPR in Europe) but also essential for maintaining customer trust.

Operational Resilience: Cyber attacks can disrupt business operations, leading to downtime, lost revenue, and increased recovery costs. Having robust cyber protection measures in place helps ensure business continuity.

Reputation Management: A cyber incident can damage a company’s reputation and erode customer trust. Cyber protection measures help prevent such incidents and demonstrate a commitment to safeguarding customer interests.

Legal and Regulatory Compliance: Many industries have strict cyber security regulations and compliance requirements. Failing to meet these standards can result in fines and legal consequences.

Financial Impacts: Cyber attacks can be expensive, with costs related to incident response, recovery, legal actions, and potential fines. Cyber insurance can help mitigate these financial risks.

Intellectual Property Protection: Businesses invest heavily in intellectual property and proprietary information. Cyber attacks can lead to the theft or compromise of these assets, affecting competitiveness.

Supply Chain Risks: As seen in the SolarWinds incident, supply chains are increasingly targeted. Protecting against such threats is crucial for organisations that rely on third-party software or services.

Cyber attacks pose a significant and evolving threat to businesses of all sizes in the UK and worldwide. Recent incidents have demonstrated the need for robust cyber protection measures to safeguard data, operations, reputation, and compliance. You must prioritise cyber security to mitigate risks and ensure the long-term resilience of your organisation and TSG are here to help.

Cyber attacks are no longer a question of if they will strike but when.

Cyber Essentials is a government-backed certification that helps you guard against cyber-attacks. It covers five key security controls: Multi Factor Authentication, up-to-date hardware, regular patch management, Antivirus, and Firewall.

You can learn more about Cyber Essentials here: https://www.tsg.com/insights/why-a-cyber-essentials-certification-is-essential-to-your-business/

Cyber Essentials Plus is a more rigorous version of Cyber Essentials that requires an on-site audit and a more comprehensive vulnerability scan.

You can learn more about the difference between Cyber Essentials and Cyber Essentials Plus – https://www.tsg.com/services/risk-and-security/certification-compliance/cyber-essentials/

A Vulnerability Assessment is a scan of your internet facing services that identifies and prioritises vulnerabilities that cyber hackers could exploit. It helps you understand your exposure and risk level, and provides recommendations to fix the vulnerabilities.

A CISO Brief is a quarterly executive briefing from our Chief Information Security Officer that gives you an overview of the latest cyber threats and trends affecting SME businesses like yours. It helps you stay informed and prepared for evolving cyber threats, and provides best practices and tips to improve your cyber security.

A Cyber Control Audit & Report is a yearly check that verifies that you have the relevant security controls in place and provides a report highlighting vulnerabilities and recommendations. It helps you measure your cyber security performance and compliance, and provides guidance to improve your security posture.