Burglars rarely come in through the front door – they slip round the back and squeeze through the downstairs toilet window that’s unwittingly been left unlocked. Their online counterparts do the same thing and so when it comes to cyber security it’s important to identify these innocuous weak spots in your digital fencing.
Most businesses put a high priority on protecting their commercial networks as standard and have firewalls in place to fend off unwanted attacks. But there are often many industrial control systems that link in to the main IT network that are simply left on the latch.
How, for example, is your air conditioning system connected to your network and do you know what level of security it’s got to stop hackers using it as an access point to more sensitive commercial information?
We’ve seen numerous examples of air conditioning systems that still have the six digit password set at 123456 long after they’ve been installed. Breaking such simple passwords is hardly a sophisticated process and once in control of your network hackers can then wreak havoc and relieve businesses of seven figure sums within seconds.
But it’s not just theft that’s the issue and if hackers wheedle their way into your industrial control systems they can effectively hold you to ransom. In some attacks USB keys are used to infect computers with malicious software designed to seek out and attack these industrial control systems.
Once hackers are at the helm they then can create all sorts of problems from changing the ingredient mix in food production lines to starting sprinkler systems or stopping industrial furnaces from shutting down. These industrial control systems are designed to operate machinery rather than fend off sophisticated cyber attacks and so it’s imperative you understand how they’re protected.
The first line of cyber defence is good risk management and making sure that you don’t present an easy target to criminals. In practice this entails a digital survey by experts who can check all of the basics are in place, identify where weaknesses exist and install protection improvements where necessary.
Good risk management also means establishing sound operational procedures and then communicating them effectively with employees.
It’s also important not to fall into the trap of thinking you’re too small to flash up on a cyber criminal’s radar. Over a third of global targeted attacks are aimed at businesses with less than 250 employees and unwary SMEs are a lot more enticing to criminals than bigger firms with entire departments dedicated to digital security.
On the back of a robust risk management survey it’s easier to understand exactly where your risk lies and then procure the right level of insurance. All cyber policies are not the same and there’s a tendency in the market to offer cyber cover as part of a commercial combined policy. Such add-on policies rarely provide the cover needed and so it’s essential to understand what’s insured.
Does, for example, the policy include first and third party cover? What sort of practical and financial support does it provide for managing the reputational damage of a cyber attack? Then there’s the business continuity angle to consider because if your systems are down you could suffer a significant loss of income while you root out the problem and get them up and running again.
If your cyber policy doesn’t have the scope and limits of cover that you need then recovering quickly from a cyber attack will be a lot more difficult. That’s why we believe cyber insurance is an important insurance for your business to consider and why we’ve developed the expertise necessary to provide informed and detailed advice.
If you want to find out more about the cyber threats faced by your business and how we could help then please contact us or call 01494 450011.