Scottish firms may suffer from debilitating cyber-attacks in the future if they don't pull up their socks and improve their cyber-security protocols, says Robert O’Brien, CEO of MetaCompliance.
O'Brien claims severe penalties imposed by the upcoming GDPR could potentially end businesses or cause “severe financial consequences.” Noting that the number of businesses victimised by cyber-crime has doubled in a year, he added that an alarmingly large number of Scottish firms are still not aware of the ills of cyber-attacks and how such events could affect their fortunes.
“The number of businesses affected in the UK has almost doubled in a year. The surge of attacks highlights the startling threat to the business community and the alarming potential for floods of personal details to fall into the hands of thieves,” he said.
“Research suggests that a worrying number of UK businesses believe GDPR will not affect them, especially in light of Brexit. However, the very future of Scottish companies dealing with European data depends on them understanding and complying with GDPR law - which the UK Government has pledged to adopt regardless of Brexit. GDPR will require organisations doing business in the EU and the UK to disclose major data breaches - including those stemming from cyber-attacks - to data protection authorities and affected customers,” he added.
The General Data Protection Regulation (GDPR) will take effect from May 2018. As per its rules, businesses that store customer data and fail to protect it from cyber-attacks will be liable to pay either 4% of their annual worldwide turnover or €20 million, whichever is higher. As such, the total costs incurred by such firms because of their failure to protect customer data may go up to £122bn from a mere £1.4bn in 2015. The message behind the new regulations is for large firms to either pull up their socks or face impending financial ruin and loss of face.
The British Government is also offering an ambitious and helpful 'Cyber Essentials' accreditation programme for enterprises. The programme aims to help companies strengthen their IT systems, implement the latest cyber security practices and effectively handle and protect customer data. To ensure more companies join the programme, the government has mandated that those without accreditation will not be able to bid for government contracts.
A number of Scottish firms have already suffered cyber-attacks of varying severity. Back in February of last year, an employee of a Scottish telecom firm was conned out of £18 million by cyber-criminals posing as his boss. "The callers use the company jargon and they play on time differences and pressure. So, the message we want to get out is to be aware, to ask the questions and do the due diligence when pressure is put on you," said Detective Chief Inspector Kenny Thomson of Police Scotland's economic crime and financial investigation unit.
Speaking about the growing menace of phishing, whaling and other kinds of cyber-crimes, Laurance Dine, Verizon's managing principal for investigative response, said that increasing cyber security awareness is crucial to stemming the rising tide. "Phishing is an entry point that we are seeing over and over and over again for your opportunistic hackers. That is where we are going. That is what we have got to do. We have got to make people aware: 'Be careful and do not click on that link,'" he said.
“For all businesses, the first line of defence is employees and it is vital that they are given the training and education to ensure no doors are left open for hackers. It is important that everyone is fully aware of their responsibilities to take the right steps to minimise risk from cyber criminals,” O'Brien concluded.