Businesses across the globe constantly face the threat of cyber-crime, and there have been recent data breaches in the high-profile worlds of football and music.
Both British alternative rock giants Radiohead and a Premier League football club have revealed data breaches that had far-reaching consequences.
Radiohead went public to say that data files containing many hours of out-takes from iconic album OK Computer had been stolen. Criminals had contacted the band’s management company asking for money to return the files.
In a clever move, the band called the criminals’ bluff, and made the music available in exchange for payments to climate change activist group, Extinction Rebellion.
Meanwhile, singer Thom Yorke described the out-takes as “not very interesting” and others reflected on the accidental irony of the album title…OK Computer!
In the Leicester City incident, a cyber-criminal broke into the club’s online shop and stole data including cardholder names, card numbers, expiry dates and CVV numbers – that is, all the information generally required to use a card to make an online purchase.
The club responded swiftly, notifying the ICO (Information Commissioner’s Office) of the breach and posting a notice on the club shop website. It later emailed customers with a statement providing further details.
A club statement read: “Upon discovery of the breach, the security of our retail platform was immediately restored and appropriate measures were taken to ensure the security of all other online assets. The club has been in direct contact with all users that were potentially affected by this breach.”
While this prompt response should be applauded, the consequences could be far-reaching and the loss of trust with supporters cannot be quantified.
There’s also a further financial threat to the Premier League club as the ICO are investigating the breach, which may well reveal violations of the GDPR (General Data Protection Regulation) and the PCI DSS (Payment Card Industry Data Security Standard).
The club will have to answer as to why it stored card numbers and expiry dates alongside CVV numbers and the ICO could issue a fine of up to £17.8 million, which is probably the equivalent of a new star signing!
These high-profile incidents are the tip of a very large iceberg. According to research from Keeper Security, Inc. and the Ponemon Institute, 67% of small businesses experienced a cyber-attack in the past 12 months.
The Global Risks Report 2018, from the World Economic Forum (WEF), ranked cyber-attacks and data theft third in its list of most likely global risks, behind severe weather events and natural disasters.
Meanwhile, the 2019 Cybercrime Report, by Cybersecurity Ventures and the Herjavec Group, predicts that cybercrime alone will cost the world more than $6 trillion annually by 2021 – the figure has doubled since 2015.
This internationally respected report says the estimated cost includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
In the UK, a Freedom of Information request to the Financial Conduct Authority revealed that the number of declared events rose from 69 in 2017 to 819 in 2018.
How do we guard against cyber-crime?
At UK Business IT, we have several services available and, importantly, we offer a free service audit as a starting point.
We can carry out vulnerability risk assessments and advise on any necessary improvements.
Please contact Mark Swann at UK Business IT, firstname.lastname@example.org, or telephone 264455 to begin a conversation about your online security.