Paul Day, technical director of specialist document management company Filestream, is an expert in GDPR and compliance. He warns about the increased risks of cyber attacks on the SME sector during 2024 and what the impacts of such an attack can be.
By Paul Day, technical director of specialist document management company Filestream. Paul is an expert in GDPR and supports his document management clients around cyber-security and keeping their data safe. Filestream works with companies including Anglia Farmers, University of Hull, Kingsley Health Care, Carnival UK, Scania and BNP Paribas.
As 2024 arrives, the threat around cyber attacks, ransomware and hackers grows ever greater. Understanding the risks and legal responsibilities around personal data will become even more important.
It is predicted that there will be increasing threats in 2024 around the increased use of AI by criminals – and also the increased use of AI to defend against criminal attacks.
It is believed that ransomware attacks will become more prevalent in the SME sector, moving away from larger corporates, and that hackers will go for weak links in supply chains to cause havoc. There is also worry in the world of IT globally about skills shortages and recruitment of talent to keep ahead of the criminal curve.
Here are just some thoughts around the reality of the situation we now face in our ever-connected world. As AI and technology advance, so do the criminals who wish to exploit them.
Can hackers still sell your data?
Billions of 'pieces' of personal information are stolen every year because of data breaches. Hackers bundle personal information with other stolen data and sell it en masse to other criminals on the dark web.
A social security number may sell for as little as 78p. Credit card, debit card and banking info can go for as much as £86. Usernames and passwords for non-financial institution logins are around 78p, but login info for online payment platforms can range from £15 to £156.
How might that data be used?
Just two examples are identity theft and account takeover. In identity theft, a victim's personal information is used to gain benefits for a criminal at the victim's expense. This might include taking out credit cards and/or loans in the victim's name. In account takeover, criminals steal login credentials to break into accounts that store payment details, such as shopping accounts. They then change the password so that the victim cannot get into the account, and shop at the victim's expense.
Then there are the big hack attacks such as the MOVEit attack earlier in the year, which hit many big companies. The impact of this one attack is still coming to light.
Is phishing still a thing?
The answer is yes. A phishing scam occurs when a victim is tricked into handing over data, and some are extremely sophisticated now. It can be done over the phone, via a social media message or by email. Increasingly these can appear legitimate, as they are from known contacts or arrive via platforms a victim uses regularly.
According to a recent consumer study by NatWest, 37 per cent of scams in the year to 23 October were phishing scams. The bank's fraud team interviewed 2,000 people to gather the data. Phishing scams came top, followed by friend and family scams (urgent texts or messages asking for money in an emergency, posing as a family member) and, in third place, get-rich-quick scams, usually offering a wonderful (but phoney) investment opportunity.
What are the penalties for companies and organisations which suffer a data breach?
In the UK they can be large, though the enforcement body, the Office of the Information Commissioner (ICO), does prefer to work with an organisation to resolve issues if possible.
It can enforce various penalties, including assessment notices, warnings and reprimands, and it can issue fines of up to £17.5 million or four per cent of annual worldwide turnover, whichever is the higher.
Recent reprimands for disclosing people's information inappropriately were issued to organisations including University Hospitals Dorset Foundation NHS Trust, Ministry of Justice and Thames Valley Police (between April and June 2023).
In recent years some of the biggest fines have been:
How can a company avoid this?
By being cyber aware, knowing the requirements of GDPR, and working with trusted IT providers with good knowledge around these matters to minimise and mitigate an ever-increasing risk. This is an ever-evolving landscape and the key is to work in an ongoing way with a trusted partner. Strong management of online data and 'paperwork' is needed, and often free services are not as secure as business owners 'hope' they are.