Cyber Attacks: Prevention is the Key

Cyber-attacks are on the rise. In the past few weeks, hackers brought down the entire IT network of Waikato District Health Board in New Zealand that led to surgeries being postponed and emergency operations cancelled at public hospitals.

Indeed, this crippling attack was just one among a slew of daily cyber assaults hitting New Zealand’s health and hospital network in recent months, according to the country’s Ministry of Health.

In recent days, we read about a ransomware assault on Ireland’s health network where hackers stole health data of thousands of patients, the ramifications of which are yet to be fully realised. Another recent attack shut down an important United States fuel pipeline last month. Hackers are increasing their cyber-attacks on public health and corporate entities across the world, with their impact increasingly making the headlines, but these attackers are prepared to hit any business, large or small, so why do businesses not make this a priority and treat cyber resilience in much the same way as it does with its health and safety procedures?

After all, a new start up business, for example, will have IP to safeguard and protect, but a vulnerable and unprotected IT and people infrastructure which doesn’t have the necessary protocols to mitigate against cyber-attack, could very much spell the end of a new business before it properly gets off the ground.

The key word here is ‘Prevention.’ The UK Government offers a lot of free guidance and tools, through the National Cyber Security Centre (NCSC) – the cyber division of GCHQ. It has a raft of measures such as a toolkit for company board members which includes ‘Exercise in a Box’ a very useful practice, similar to running a fire drill for your company. Instead, however, you get your team involved in running a mock cyber-attack drill. This will help any business identify any gaps that need to be plugged. It is often lack of staff training that can lead to cyber risk, long before an attack on IT systems causes a problem.

With this support from government, it is now down to each start up to engage with their nearest resilience centre and absorb this valuable support. There is a similar centre in Scotland, The Scottish Business Resilience Centre, also chaired by Paul Atkinson, Chair of Converge, a renowned start up investor.

As cyberattack incidents become more sophisticated, there is a consensus that it will be not ‘if’, but ‘when’ a situation arises. Today’s prime concern in business continuity planning should be about what happens if your management and IT systems go down as a cyber-attack takes hold. Would you know who your customers are? Can you contact them? Can you contact your suppliers? Importantly, Can you still access your bank accounts?

Hacking and online fraud are damaging for any firm but for small businesses, particularly start-ups with limited resources, they can be devastating. One shocking statistic is that 60 per cent of small companies go out of business within six months of falling victim to a data breach or cyber-attack. In recognition of this, Converge will be hosting a special session this autumn to help academic entrepreneurs adopt strategies for fighting cyber threats.

This article by Joanna Goddard, Director of Programmes, Business Resilience International Management (BRIM) and Board Member of Converge appeared in The Scotsman on 10 June 2021.