As the Scottish schools begin to break up and holidays begin, many organisations move to a slower pace over summer. Unfortunately, cyber attacks don't take a break.
The growing risk of a cyber incident means it is an issue that should remain on every organisation’s radar even as holidays (and hopefully some summer sun) appear on the horizon.
Cyber crime can include hacking, phishing, or using malicious software, which are deployed to access data – this usually leads to financial loss for an organisation, and gain for the threat actor. Recent statistics released in Scotland show that, in 2023-24, an estimated 16,910 cyber-crimes were recorded by the police in Scotland – this represents an increase of over 9,000 (over 200%) from the pre-pandemic rate recorded in 2019-2020.We always recommend that affected organisations report a cyber incident to, and engage with, the appropriate agencies. However, cyber attacks are often not reported to the police, so the real cyber-crimes figures are likely much higher.
Threats can come from organised groups, with specific targets, as well as more generic attacks. Targeted attacks are not uncommon, and nation state actors may sometimes be responsible for these types of attack. Earlier this year the UK Government called out threat actors associated with China for carrying out malicious cyber activities, targeting UK institutions and individuals.
Often when organisations think of cyber attacks the first thought is data breaches and the risks that come with unauthorised access to personal data, often in the form of ransomware attacks. However, another risk for organisations impacted by a cyber attack, targeted or otherwise, is the risk of inability to access systems, otherwise known as ‘denial of service’. Over the summer key events, such as the general election, the Euros and the Olympics, can generate interest, exposure, opportunities and income for organisations. A well-timed cyber attack could compromise the provision of key services, resulting in significant loss and reputational damage. Being unable to provide business as usual services, also brings a risk of being in contractual breach, with knock-on legal and financial exposure.
There are a number of steps that organisations can take now to mitigate and prevent the impact of cyber crime on their operations. These include knowing the organisational “crown jewels” and how these are protected as an important first step to maintaining business and usual services in the event of a cyber attack. Having a stress-tested incident response plan can help a business respond quickly to any incident and mitigate the impact on services, preventing a full denial of service.
Burness Paull’s leading cyber security, data protection and group litigation experts have significant experience in managing cyber security risks and best practices. Our team are on hand to support you on your cyber resilience journey, from implementing protective measures to handling a full-scale incident. Please get in touch with nick.warrillow@burnesspaull.com or louise.mcerlean@burnesspaull.com to discuss your needs.
