Scottish companies warned on cyber security

The Scottish Business Resilience Centre (SRBC) has warned Scottish firms to step up their cyber security measures - especially if the internet is a fundamental part of their supply chain.

Scottish companies warned on cyber security
Scottish companies warned on cyber security

In an advisory released late on Monday, the SRBC cited an example of an anonymous single supplier that had to be shut down as a result of a cyber-attack and warned that the same could happen again, especially if targeted companies use the internet for an operational part of their business.

SBRC cyber security consultant Oren Benshabat told the BBC: "Hackers who get into a company's network could bring a business to its knees with just a few clicks of a mouse.

"When people think of the supply chain they often just think about manufacturers, wholesalers and retailers, but recently there is another side of the chain which has emerged.

"The cyber supply chain includes operations involving information and communication technologies, software distribution and operations within the cloud which is the backbone of today's digital economy.

"No supply chain is without its threats but we have to make businesses aware of the increasing attacks from the cyber side of the chain."

The SRBC- which is funded by several public and private partners, including the Scottish government, police force, fire service and Association of Scottish Clearing Banks – says that attacks could result in a loss of vital customer details.

This warning comes a month after the same news corporation found that a group of Russian cyber-criminals were targeting Scottish firms, with an increasing focus on small and medium-sized enterprises operating in agriculture or the financial sector.

David Robinson, chief security officer at Fujitsu UK & Ireland, told SCMagazineUK.com that it's concerning that breach costs continue to rise, but further warned that consumer tolerance for data breaches is at an all-time low

“The issue for businesses is that consumer tolerance for data loss is at an all-time low. Research from Fujitsu UK & Ireland suggested a lack of consumer trust in organisations, with only nine percent stating that they believed organisations were doing enough to secure their data. This research also revealed that a security breach, which leads to the loss of personal information, could lead to a massive seven in ten choosing to switch their banks. What is more worrying is that only a third of financial services organisations are ‘very' confident that they would be able to guarantee security measures in the event of an IT collapse.

“With consumers battling to understand the impact on their personal information if a company is hacked, organisations can no longer afford to make mistakes in security.”

Edward Savage, cyber security expert at PA Consulting Group, added in an email exchange with SC UK that reviewing the SMB supply chain security can be a troublesome task, but said that policy is a good place to start.

“Reviewing the security of a companies' supply chain can be like painting the Forth Bridge.  However, a few simple questions can quickly reveal quite a lot,” he said.

“A risk-based approach, which addresses people and physical security as well as technology, is the core of good practice.  Many smaller companies have found the PAS 555 Cyber Security Standard useful, because it tells them what good looks like, without requiring a large corporate approach to delivering it.”