Why You Must Report A Cyber Attack

Cyber incidents can have dire consequences. The theft of private, financial, or other sensitive data and cyber attacks that damage computer systems can cause lasting harm to anyone engaged in personal or commercial online transactions. Such risks are increasingly faced by businesses, consumers, and every other Internet user. 

Once you’ve suffered a cyber attack, much of the damage has already been done. There’s no way to make the disruption disappear or to circumvent your data breach notification requirements. Ignoring the attack or your regulatory obligations will only make things worse.

Under the General Data Protection Regulation (GDPR), EU organisations are required to notify their relevant supervisory authority within 72 hours of discovering certain types of data breach. Specifically, you must notify your supervisory authority if the incident “poses a risk to the rights and freedoms of natural living persons”. Additionally, you must notify affected individuals if the incident results in a “high risk”.

Before you contact anyone, you must identify whether the data breach meets that threshold. That might seem like even more work, but it can have significant short- and long-term benefits. For example, reporting an incident allows individuals to look out for suspicious activity, such as money disappearing from their bank accounts, and enables them to take steps to protect themselves.

Notification also helps other organisations prepare for similar attacks. Criminals often reuse successful techniques, whether it’s a particular scam method or a network vulnerability, and officially announcing this threat gives organisations time to address the issue. If all organisations do this, you will benefit massively in the long run.

This issue connects to a far bigger problem - that no one is truly aware of just how big the threat of cyber crime is. The number of reported incidents has surged in the past few years, but experts suspect there are still a vast number of unreported breaches.

If there were more transparency, organisations would realise how important it is to address cyber security. It would also make criminals’ jobs harder. As it is, cyber crime is practically a no-risk venture: whether you succeed or fail, you fly under the radar and almost certainly won’t face any consequences. Organisations might counter these points by noting that very few cyber criminals are identified even when cyber crime is reported.

A survey by the National Crime Agency found that only 38% of respondents are confident that law enforcement responds appropriately to cyber attacks.

This problem is made worse by the low level of conviction and the light punishment that convicted cyber criminals receive. Cyber security journalist Brian Krebs reports on the prosecution of cyber criminals and, commenting on one case, said: “Courts around the world continue to send a clear message that young men essentially can do whatever they like when it comes to DDoS attacks and that there will be no serious consequences as a result. ... if we don’t have the stomach to put these ‘talented young hackers’ in jail when they’re ultimately found guilty, perhaps we should consider harnessing their skills in less draconian but still meaningfully punitive ways ... such as requiring them to serve several years participating in programs designed to keep other kids from follow.”

Breached organisations aren’t the only ones that need to reconsider the value of identifying and responding to cyber attacks. It requires a coordinated effort from everybody involved to appreciate the magnitude of the problem and how to reduce it. Cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. It costs the UK billions of pounds, causes untold damage, and threatens national security.

Organisations’ responses should include a detailed breach notification procedure, but it’s just as important to fortify defences and mitigate the threat of attacks.

Sources: DHS, NCA, NCSC, IT Governance, Digital Social Care, University of Michigan, Brian Krebs
