Breaking Glass

Cyber Breaches aren’t so easy to see

“Why don’t people take Cyberattacks more seriously?” This was the question posed to me at a meeting recently with other Cyber professionals. It was a rhetorical question, as I don’t have the answer. But it did get me thinking…

As I was walking back from the meeting through the city of London, I came across a store front that had been smashed. The damage was obvious, and the intent was clear. It was a jewellery store. I glanced at the window, shook my head and moved on. The next store was also a jewellery store, but had shutters down and presumably was ok.

For a long time, shop owners have had to deal with the risk of ‘smash and grab’, and having their windows smashed. Of course there are numerous ways they work to reduce the risk, including using toughened glass, shutters, CCTV and alarms. Some of these controls are preventative, and some responsive. This is true of most retailers and it is the cost of doing business in that market.


Broken Glass

What I saw was a visible representation of an attack on a business. Immediately my sympathy went out to the owner, and it would not make me trust the owner any less, nor would it prevent me shopping there in the future. The damage and impact were clear to see. But what about a Cyberattack?

A survey by “PCI Pal” revealed that 44 per cent of UK consumers will stop spending with a company if it is involved in a data breach. No hint of sympathy here. Yet in another survey we hear how 88% of UK organisations reported suffering a data breach in the last 12 months (Carbon Black – UK Threat Report). But when I speak to organisations and ask “Have you suffered a breach?” the standard response is “No. Not us.” So what’s going on?


Plausible Denial.

Firstly, the ‘broken glass’ of a cyberattack is far less obvious and clear to see, and therefore most people aren’t even aware the attack has taken place.  Secondly, even if they were aware of it, it doesn’t take a Cybersecurity risk assessor to know that the impact could be both financial and highly embarrassing (potentially leading to loss of revenue, customers, suppliers etc).

It is for this reason that I believe many organisations are not looking for the broken glass. If they don’t know the window is broken, and no one has mentioned it, then they can plausibly deny that they have been impacted by a breach/attack.


Why don’t people take Cyberattacks more seriously?

So the question posed to me at the meeting is a good question, but I believe the answer is multi-faceted. It is a ‘hidden’ problem; there is no ‘broken glass’ for the world to see. Sympathy for those attacked is less forthcoming and therefore those who are attacked are more likely to hide the fact (until someone ‘outs them’). People don’t go looking for the broken glass; the shop owner doesn’t check his store window to make sure it is still intact. They assume someone will tell them if it’s broken. The same happens online. Ignorance is bliss (as the saying goes).


The Truth? You can’t handle the truth!

When the World Wide Web came into prominence, having a website was said to be like “Having your shop window online for the whole world to see.” Amazing! Suddenly a business in Birmingham, UK could sell to residents in Birmingham, USA!

But if your online store is your Shop Window, shouldn’t you be protecting it from the virtual bricks being thrown at it?

If I came to your store in your town, on your street, I would physically need to be there, and I would have 1 brick (potentially) to throw. One chance and one chance only. But your online store is different… I can throw millions of bricks at that. I can do it whenever and for however long I want to, and I can be anywhere in the world.

The chances of you seeing me are low… unless you’re paying attention.

The chances of you catching me are low… unless you know what to do.

The chances of you telling anyone are low… because you don’t want to cause further damage.

I don’t think that people don’t care about Cyberattacks.  I just feel people would rather not know the truth.



