Trained staff the first defence against cyber attack says Sussex consultant

The NHS ransomware attack should be seen as a wake-up call for businesses to train staff in basic cyber security, irrespective of their sector or size, a Sussex insurance consultant has said.
Mark Bennett, CEO of Bennett Christmas Insurance Brokers.Mark Bennett, CEO of Bennett Christmas Insurance Brokers.
Mark Bennett, CEO of Bennett Christmas Insurance Brokers.

Within hours of the WannaCry malware being detonated on Friday, hospitals and GP surgeries were reporting cancellations and delays. By the close of the weekend more than 200,000 machines in 150 countries had been crippled.

“Although the scale of this single ransomware attack on a high-profile public service is more serious than anything we’ve witnessed before, such incidents are more common than many businesses realise and the numbers are growing,” said Bennett Christmas CEO Mark Bennett.

Hide Ad
Hide Ad

“We’ve seen SMEs of all sizes affected by similar cyber attacks. It’s devastating for a massive organisation like the NHS - you can imagine how it can cripple a small firm.”

According to recent analysis from telecommunications specialists Beaming, the average UK SME suffered more than 1,000 cyber assaults on its firewall every day in 2016.

“But there has also been a steady rise in attacks that take place in front of the firewall and there’s a limit to how far they can be contained and prevented by technology – and the criminals know it,” said Mark.

“Your first and best defence against these cyber crimes is your own staff. It comes down to individuals within your organisation knowing how to spot something that looks suspicious, such as an attachment in an email, and knowing not to touch it.”

Hide Ad
Hide Ad

Bennett Christmas has been highlighting the need for cyber security protection and insurance for businesses as part of a risk reduction programme that could save thousands in lost business, data retrieval and potential claims against SMEs.

“Building a ‘human firewall’ is something we’ve been encouraging clients to do for some time, using a combined risk assessment and education tool called CyberAMI,” said Mark.

“We believe cyber security training in the workplace should be as routinely delivered as health and safety and first aid.”