The importance of cyber security has received unprecedented scrutiny this year, and the most recent Government regulation announced in August demonstrates the intensifying consequences of inadequate security measures. The proposal warns companies that they could face fines of up to £17m, or four percent of annual turnover, if their security is not up to scratch.
Due to be implemented in May 2018, the Security of Network and Information Systems (NIS) directive is targeted at UK essential service operators and forms part of a £1.9bn national cyber security strategy. Despite being aimed at critical national infrastructures – including electricity, transport, water and energy services – the proposal serves as a warning to all businesses that neglecting cyber security will not be tolerated.
As shown in the attack on Spanish telecoms giant Telefónica in May 2017, the telecommunications industry is becoming increasingly vulnerable to cyberattacks. Indeed, the nature of the industry deems it at high-risk of attack, as it builds, controls and operates critical infrastructure utilised to communicate and store large amounts of highly sensitive and prized customer information.
Such attacks cripple systems with malicious software, such as the ‘WannaCry’ virus, often locking the computers and demanding ransoms. As with WannaCry, the damage is then inflicted by encrypting the personal files stored on the computer, causing serious implications for data protection. Indeed, according to corporate and insurance law firm RPC, ransomware is now the most likely cyber-threat to UK businesses. It claims 25 percent of all major cyberattacks involve an attempt to get businesses to pay a ransom to retrieve their data.
The recent hit on TalkTalk, which faced a record fine for data breaches, shows that failure to meet security standards and adequately protect customer data is already met with hefty consequences. The mobile carrier was ordered to pay £400,000 by the Information Commissioner’s Office (ICO) for security failings that led to theft of 150,000 customers’ details, including bank account numbers, addresses, dates of birth and contact details.
A large fine was not the only detriment to the company. TalkTalk’s reputation severely suffered, with 101,000 customers leaving the firm’s services. The company also revealed that the attack had cost it £42m.
Ultimately, the upcoming Government implementation and TalkTalk’s suffering serve as a caution to all businesses – especially those in the Telecoms industry – of the importance of cyber security. Companies must remain diligent and vigilant, not only to adhere to their duty concerning the law, but also their duty to customers.
Give SA1 Telecoms a call on 01792 439087 and we can assist you to ensure your business is safe from telephony attacks.