With headlines on ransomware attacks such as the NHS and NotPetya crises, cyber security has become big news. That said, a surprising number of organisations choose to keep their victim status under wraps, only exposing the truth when absolutely necessary. But why is this?
Here are three key reasons why institutions and corporations do their best to conceal cyber breaches.
They don’t know they’ve been attacked
Many businesses operating online still lack the adequate technology needed to detect cyber-attacks. Others invest sensibly in detection and response but still fail to spot cyber-attacks.
Similarly, businesses often lack the correctly-trained manpower to appropriately respond when a crisis strikes.
Some even remain unaware there's even been a security breach until informed externally, e.g. by their customers.
With management in the dark, it's not surprising businesses under attack can't notify service users of a breach. But failure to recognise security breaches is now arguably one of the greatest crises an organisation can face.
They are still vulnerable to attack
Easier to empathise with, another reason for concealing cyber-attack situations can be the organisation not yet having contained the issue. Announcing their attack status to the world could result in further damage from others piggy-backing off the situation.
Research indicates that as soon as new security vulnerabilities are made public, subsequent attempts to exploit them soar. Cyber-attacks can be complex, multi-faceted problems to solve.
In the midst of an attack, trying to identify what is actually going wrong can be highly challenging. Even if the problem itself is visible, fixing it can take months or even years. With going public too soon, having potentially fatal consequences, it's understandable that businesses feel justified in keeping the news contained.
Often, they feel it’s safer to only reveal the attack once everything's been sorted.
Share prices could fall
The mere fact that a corporation's data has been compromised can drive its reputation into the ground. Stealing data here is merely a means to an end, and an effective way to lower share value plus gain a competitive advantage. Declaring such an incident would be playing right into the hands of the attacker. Not surprising then, that some businesses choose to get their facts straight before taking any other action.
Hackers have come a long way from their amateur bedroom days. Replacing them is a modern, more professional breed. They know exactly what they're doing. They can be associated with organised crime syndicates, or even foreign intelligence. Heavily funded, highly skilled, and well-equipped organisations in themselves, they target big businesses; sometimes costing a fortune in lost data and disruption. This new type of hacker invests a lot of time and money in ensuring being discovered isn't on their agenda.
Get in touch today with one of our cyber experts to see how we can help your business be more #CyberAware,
or telephone +44 (0)203 102 4616.