Why You Must Report A Cyber Attack

Cyber incidents can have dire consequences. The theft of private, financial, or other sensitive data and cyber attacks that damage computer systems can cause lasting harm to anyone engaged in personal or commercial online transactions. Such risks are increasingly faced by businesses, consumers, and every other Internet user. 

Once you’ve suffered a cyber attack, much of the damage has already been done. There’s no way to make the disruption disappear or to circumvent your data breach notification requirements.  Ignoring the attack or your regulatory obligations will only make things worse.

Under the General Data Protection Regulations (GDPR) EU organisations are required to notify their relevant supervisory authority within 72 hours of discovering certain types of data breach. Specifically, you must notify your supervisory authority if the incident “poses a risk to the rights and freedoms of natural living persons”.Additionally, you must notify affected individuals if the incident results in a “high risk”.

Before you contact anyone, you must identify whether the data breach meets that threshold. That might seem like even more work, but it can have significant short, and long-term benefits. For example, reporting an incident allows individuals to look out for suspicious activity, such as money disappearing from their bank accounts, and enables them to take steps to protect themselves.

Notification also helps other organisations prepare for similar attacks. Criminals often reuse successful techniques, whether it’s a particular scam method or a network vulnerability, and officially announcing this threat gives organisations time to address the issue. If all organisations do this, you will benefit massively in the long run.

This issue connects to a far bigger problem - that no one is truly aware of just how big the threat of cyber crime is. The number of reported incidents has surged in the past few years, but experts suspect there are still a vast number of unreported breaches.

If there was more transparency, organisations would realise how important it is to address cyber security. It would also make criminals’ jobs harder. As it is, cyber crime is practically a no-risk venture: whether you succeed or fail, you fly under the radar and almost certainly won’t face any consequences. Organisations might counter these points by noting that very few cyber criminals are identified even when cyber crime is reported.

A survey by the National Crime Agency found that only 38% of respondents are confident that law enforcement responds appropriately to cyber attacks.

This problem is made worse by the low level of conviction and the light punishment that convicted cyber criminals receive. Cyber security journalist Brian Krebs reports on the prosecution of cyber criminals and, commenting on one case, “Courts around the world continue to send a clear message that young men essentially can do whatever they like when it comes to DDoS attacks and that there will be no serious consequences as a result. ...if we don’t have the stomach to put these “talented young hackers” in jail when they’re ultimately found guilty, perhaps we should consider harnessing their skills in less draconian but still meaningfully punitive ways.. such as requiring them to serve several years participating in programs designed to keep other kids from follow.”

Breached organisations aren’t the only ones that need reconsider the value of identifying and responding to cyber attacks. It requires a coordinated effort from everybody involved to appreciate the magnitude of the problem and how to reduce it. Cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. It costs the UK billions of pounds, causes untold damage, and threatens national security. 

Organisations’ responses should include a detailed breach notification procedure, but it’s just as important to fortify defences and mitigate the threat of attacks.

DHS:     NCA:    NCSC:      IT Governance:      IT Governance:     Digital Social Care:   

University of Michigan:     Brian Krebs:

You Might Also Read: 

US Cyber Security Chiefs Support Mandatory Incident Reporting:

 

« NCSC Cyber Security Breaches Survey 2022
Data Protection Must Be a Part of Every Cyber Security Strategy »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

Research Institute in Trustworthy Industrial Control Systems (RITICS)

Research Institute in Trustworthy Industrial Control Systems (RITICS)

RITICS is one of three Research Institutes formed as part of the UK National Cyber Security Strategy.

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

BIND 4.0

BIND 4.0

Bind 4.0 is an acceleration program geared toward tech startups with solutions applied to Advanced Manufacturing, Smart Energy, Health Tech or Food Tech fields.

BI.ZONE

BI.ZONE

BI.ZONE creates high-tech products and solutions to protect IT infrastructures and applications, and provides services from cyber intelligence and proactive defence to cybercrime investigation.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

Veratad Technologies

Veratad Technologies

Veratad Technologies, LLC is a world class provider of online/real-time Identity Verification, Age Verification, Fraud Prevention and Compliance Solutions.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

Opora

Opora

Opora is the leading cybersecurity provider of adversary behavior analytics “ABA” and preemptive security solutions.

UNS Inc.

UNS Inc.

UNS is a top services partner for multiple leaders in the global cybersecurity industry – we do business in 40 countries, including the United States, Canada, Chile, and Colombia.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

nandin Innovation Centre

nandin Innovation Centre

nandin is ANSTO’s Innovation Centre (Australian Nuclear Science and Technology Organisation) where science and technology entrepreneurs, startups and graduates come together.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.