Why You Must Report A Cyber Attack

Uploaded on 2022-08-16 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Cyber incidents can have dire consequences. The theft of private, financial, or other sensitive data and cyber attacks that damage computer systems can cause lasting harm to anyone engaged in personal or commercial online transactions. Such risks are increasingly faced by businesses, consumers, and every other Internet user. 

Once you’ve suffered a cyber attack, much of the damage has already been done. There’s no way to make the disruption disappear or to circumvent your data breach notification requirements.  Ignoring the attack or your regulatory obligations will only make things worse.

Under the General Data Protection Regulations (GDPR) EU organisations are required to notify their relevant supervisory authority within 72 hours of discovering certain types of data breach. Specifically, you must notify your supervisory authority if the incident “poses a risk to the rights and freedoms of natural living persons”.Additionally, you must notify affected individuals if the incident results in a “high risk”.

Before you contact anyone, you must identify whether the data breach meets that threshold. That might seem like even more work, but it can have significant short, and long-term benefits. For example, reporting an incident allows individuals to look out for suspicious activity, such as money disappearing from their bank accounts, and enables them to take steps to protect themselves.

Notification also helps other organisations prepare for similar attacks. Criminals often reuse successful techniques, whether it’s a particular scam method or a network vulnerability, and officially announcing this threat gives organisations time to address the issue. If all organisations do this, you will benefit massively in the long run.

This issue connects to a far bigger problem - that no one is truly aware of just how big the threat of cyber crime is. The number of reported incidents has surged in the past few years, but experts suspect there are still a vast number of unreported breaches.

If there was more transparency, organisations would realise how important it is to address cyber security. It would also make criminals’ jobs harder. As it is, cyber crime is practically a no-risk venture: whether you succeed or fail, you fly under the radar and almost certainly won’t face any consequences. Organisations might counter these points by noting that very few cyber criminals are identified even when cyber crime is reported.

A survey by the National Crime Agency found that only 38% of respondents are confident that law enforcement responds appropriately to cyber attacks.

This problem is made worse by the low level of conviction and the light punishment that convicted cyber criminals receive. Cyber security journalist Brian Krebs reports on the prosecution of cyber criminals and, commenting on one case, “Courts around the world continue to send a clear message that young men essentially can do whatever they like when it comes to DDoS attacks and that there will be no serious consequences as a result. ...if we don’t have the stomach to put these “talented young hackers” in jail when they’re ultimately found guilty, perhaps we should consider harnessing their skills in less draconian but still meaningfully punitive ways.. such as requiring them to serve several years participating in programs designed to keep other kids from follow.”

Breached organisations aren’t the only ones that need reconsider the value of identifying and responding to cyber attacks. It requires a coordinated effort from everybody involved to appreciate the magnitude of the problem and how to reduce it. Cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. It costs the UK billions of pounds, causes untold damage, and threatens national security. 

Organisations’ responses should include a detailed breach notification procedure, but it’s just as important to fortify defences and mitigate the threat of attacks.

DHS:     NCA:    NCSC:      IT Governance:      IT Governance:     Digital Social Care:   

University of Michigan:     Brian Krebs:

You Might Also Read: 

US Cyber Security Chiefs Support Mandatory Incident Reporting:

 

« NCSC Cyber Security Breaches Survey 2022
Data Protection Must Be a Part of Every Cyber Security Strategy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

MailXaminer

MailXaminer

MailXaminer is an advance and powerful email investigation platform that scans digital data, performs analysis, reports on findings and preserves them in a court validated format.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Consortium for Information & Software Quality (CISQ)

Consortium for Information & Software Quality (CISQ)

The mission of CISQ is to develop international standards for software quality and to promote the development and sustainment of secure, reliable, and trustworthy software.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Protelion

Protelion

The Protelion Security Platform is uniquely architected to deliver security solutions that combine greater protection, flexibility, and performance.

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.

Thoropass

Thoropass

Thoropass (formerly Laika) helps you get and stay compliant with smart software and expert services.

LMNTRIX

LMNTRIX

LMNTRIX eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyberattacks.

Orca Fraud

Orca Fraud

Orca is an AI-driven fraud orchestration platform. We empower fraud fighters to outpace fraud using our custom ML models.

SeQure

SeQure

SeQure is a novel cybersecurity and data observability company that offers Fortune 100 and Governments a zero-trust service to continuously monitor large network environments.

Instil Software

Instil Software

Instil helps technology brands transform, innovate and disrupt their markets with category-defining software products that challenge us to think, feel and act in new ways.