A recent article on the BBC news website highlighted an incident at Eurofins, one of the UK’s largest forensic service providers. In June 2019 a ransomware attack severely affected the lab’s ability to provide its services to the police. Work had to be suspended for seven weeks, resulting in investigations and trials being delayed.

A senior manager at the company commented that cyber-crime could happen to any organisation, warning that “It’s a threat to society” and that all business sectors are vulnerable.

A cyber-readiness report from Hiscox in 2019 found that a significant majority of the firms surveyed reported that they had experienced one or more cyber-attacks, with 61% reporting an attack last year, up from 45% the previous year.

The report also stated that the scale of ransom demands has risen and that cyber-crime is now an unavoidable cost of doing business.

What is Ransomware?

Cyber criminals target victims and infect their computers with malicious software. The software locks and encrypts the computer’s data so that the user cannot access it. A ransom demand is then made to get your data unlocked. However, there is no guarantee your data will be unlocked after you have paid. More sophisticated criminal gangs target business networks and can cause chaos by encrypting multiple devices at once.

Phishing by hackers is one of the main methods used to gain access to computer networks. A user is targeted with what looks like a legitimate email to get them to open an attachment or click on a link that installs malware on their network and enables hackers to steal usernames and login details. Training for your employees is vital to make them aware of the risks.

Another approach by hackers is trying multiple username and password combinations in the hope that one will work so they can gain access to your computer network.

Just as effective is a Denial of Service attack where multiple machines bombard a single host with server requests until the server crashes and leaves your computer network unavailable until a solution can be found.

Cyber-crime protection with ISO 27001 certification

ISO 27001 is an internationally recognised Information Security Management System (ISMS). Certification to ISO 27001 will provide a framework to help you to manage the risks, train your employees, monitor and control your system networks and continually improve your management system. The ISO 27001 certification process will keep all your information assets secure by setting up a framework which would include:
  • Risk assessments covering where your data is stored and identifying any vulnerabilities
  • Training your employees to spot suspicious emails and warning them against opening attachments and links from unknown senders. This is very often the method used by cyber-criminals to spread malware.
  • Improving system security: firewalls, network management, anti-virus protection, access control, asset management, software installation, patch management, password management, back-ups and audits are some of the measures in the framework
  • Process for responding to a cyber-attack to mitigate the damage and repair the system to get you back up and running as soon as possible
  • Reporting, monitoring and logging activities to continually improve your system and keep up to date with the latest requirements.
The ISO 27001 ISMS covers more than just loss through cyber-attack. It also includes data loss or damage caused by natural disasters, theft and mismanagement.

Cyber-crime can have other devastating effects on your business. Legal regulations may have been breached and claims for compensation will have to be dealt with if sensitive information about your customers or suppliers gets into the wrong hands.

The ensuing adverse publicity and damage to your reputation will need to be managed to minimise the effect on your business.

You may have to bring in experts to fix the breach of your computer systems and consider how you will cover any financial losses.

Implementing ISO 27001 will provide a framework for identifying cyber risks to your business and establish processes needed to protect your information assets.
To find out more about the benefits of ISO 27001 ISMS, call one of our team on 0121 241 2299 or request a quote.