Security attacks, hacking, viruses, malware & phishing
Cyber security attacks: They are all over the news:
Back in May, Ticketmaster owner Live Nation confirmed “unauthorised activity” on its database. The personal details of 560 million customers, including order history, payment information, name, address and email data, were leaked online and offered for sale by hackers who infiltrated Ticketmaster’s systems The hacking group was reportedly demanding a $500,000 (£400,000) ransom payment to prevent the data from being sold to other parties.
Then in August, we learned that the personal details of Ukrainian refugees and the families offering to house them were exposed online in serious data breach. Personal data from an Angus Council online test system was released into the public domain via posts to two closed Homes for Ukraine themed Facebook groups.
Shortly afterwards, in September, Transport for London (TfL) detected suspicious activity on their IT systems. This led to the discovery of a significant cyber attack that involved unauthorised access to customer and staff data. Nearly 5,000 customers were impacted by the data breach, confirming that customer names and contact details were accessed and the possibility that bank account numbers, sort codes and Oyster card refund data may have also been accessed.
An significant increase in breaches at businesses & charities
According to the UK Government Official Statistics, the Cyber Security Breaches Survey 2024 reveals that around half of businesses (50%) and around a third of charities (32%) have experienced a cyber security breach or attack in the last 12 months. This accounts for approximately 718,000 businesses and 65,000 registered charities. Last year, it was around 462,000 businesses and 48,000 registered charities.
Among the 32% of charities identifying breaches or attacks, around one in ten (12%) have negative outcomes. Disruption to websites, and the temporary loss of access to files or networks are the most commonly reported outcomes.
Percentage of organisations that have identified breaches or attacks in the last 12 months
All types of education institutions are more likely to have identified cyber security breaches or attacks in the last 12 months than the average UK business. 52% primary schools identified a breach or attack in the past year. 71% of secondary schools identified a breach or attack in the past year. The report goes on to state that across all UK businesses, there were approximately 7.78 million cyber crimes of all types in the last 12 months. In the charity sector, it is estimated that UK charities have experienced approximately 924,000 cyber crimes of all types over this same period.
The education sector remains a target for cyber crime
Alarmingly, 97% of higher education institutions and 86% further education colleges also reported experiencing breaches or attacks. Last year, only 50% of higher education institutions and three in ten further education colleges (31%) reported experiencing a breach.
Percentage of organisations that have identified breaches or attacks in the last 12 months
What is cyber crime?
Cyber crime involves gaining unauthorised access, or causing damage, to computers, networks, data or other digital devices, or the information held on those devices. Examples of cyber crime include hacking or unauthorised access into online accounts (eg. banking, email or social media accounts), denial of service attacks, or devices being infected by a virus or other malicious software (including ransomware) as well as phishing attacks where staff unintentionally open an attachment in an email.
The most common form of cyber crime
According to the report, the most common breach reported in the last 12 months is phishing – such as staff receiving fraudulent emails or being directed to fraudulent websites. (90% of businesses and 94% of charities). This is followed by others impersonating organisations in emails or online and then viruses or other malware.
Percentage of organisations that have identified the following types of cybercrime in the last 12 months
Over half of businesses (53%) and just under half of charities (45%) say these breaches occur once a month or more often, and a third of businesses (32%) and a fifth of charities (20%) say they experience breaches or attacks at least once a week.
Alarmingly, not much action had been taken by those organisations who have experienced an attack. The report reveals a more significant proportion of charities than businesses have made people-related changes (41% and 28% respectively) compared to technical changes (29% for both). For both groups, fewer decided to make changes to their governance processes (4% of businesses and 6% of charities).
Percentage of organisations that have done any of the following since their most disruptive breach of attack of the last 12 months
How secure is your organisation?
Cyber threats are here to stay – and are becoming more and more prevalent as well as sophisticated.
Every organisation in every sector holds vast amounts of valuable data – personal data of children, staff bank accounts and addresses, medical records, and much more. This data is your most valuable asset and needs to be protected.
From password policies and agreed processes around phishing to a VPN for staff connecting remotely and rules for storing and moving personal data securely, how resilient is your organisation to cyber incidents?
Boost your cyber resilience
Cyber security needs to become a top priority for everyone – large enterprises, public sector organisations, SMEs, schools, and charities – no-one is exempt, and we all have the potential to be hacked.
From developing a formal cyber security strategy and deploying malware protection, to staff training about phishing and becoming independently certified by the government-endorsed Cyber Essentials scheme, there are several steps you can introduce to better protect your organisation from the threat of cyber crime.
Find out how we help organisations become prepared and protected against cybercrime right here.