Robert Shapland banner image
Organisational design | Sep 19

The crucial role of cybersecurity in a digital world

Organisational design | Sep 19

Digitalisation has propelled countless businesses to increased efficiency and profitability. But with this has come an elevated risk of cyberattacks on SMEs.

Rob Shapland

Rob Shapland Ethical hacker and Head of Awareness, Falanx Cyber

Reading Time 5 minutes

According to research and advisory company Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalisation is now a priority. Digitalisation has the potential to open your business to a far wider audience and massively improves efficiency, reporting, accuracy, and data-led decision making.

Unfortunately, with this opportunity has come a surge in cybercrime. Techjury reported that across the globe 30,000 websites are hacked daily and Statista estimates that the average amount stolen by hackers in 2023 in the UK is nearly £5,000, not to mention the costs businesses incur rebuilding what was lost, or the days or weeks where the company was left inoperable.

However, there are ethical hackers who use their powers to not only prevent cyberattacks but track down those who commit these crimes. One of these ethical hackers is Rob Shapland, Head of Cyber Professional Services for Phalanx Cyber, who will be hosting the Help to Grow: Management webinar on cyber security on Friday 22nd September at 1pm. Shapland uses his 15 years of experience to conduct penetration tests into hundreds of organisations’ security systems, ranging from large corporations to small businesses. But there is another unique aspect of Shapland’s work that has garnered attention from the likes of ITV and BBC.

‘My specialist niche within the industry is breaking into the premises of companies and attempting to steal information. I dress up as a fake employee with a fake badge, get inside the building itself, and then I attempt to connect something to the network, steal a hard drive out of the computer, walk off with a laptop, or whatever is required to get valuable information from the business.’

Rob Shapland
Head of Cyber Professional Services, Phalanx Cyber

The purpose of Shapland’s film-like antics is to prove a point. It is to show businesses that their defences against cyberattacks are not as sound as they may have thought. Once Shapland has returned to the business whatever he has stolen, he offers the employees training on how to prevent future cyberattacks.

Types of cyber-attacks

Shapland explains that the overwhelming majority of cyberattacks are carried out by criminals who’s one and only goal is to make money. These cyberattacks will usually happen in one of two ways:

  1. Social engineering – this is where criminals virtually disguise themselves, contact individuals within the business and trick them into divulging passwords or logins. One of the most popular attacks is phishing attacks which come in the form of emails, SMS, telephone, or clone phishing, where criminals create AI clones of your bank, HMRC, or phone contract provider. Once the criminals have access to the network they can steal valuable data, such as client payment information or drug or tech data and sell it on to a third party.
  2. Ransomware – the goal of ransomware is to encrypt or scramble primary functions or data of the business and then demand payment to release it. Depending on the size of the business, this can range from tens of thousands to millions of pounds.

Not only will the attacks themselves take a significant financial toll, but so too will the time the business is out of operation. In addition to this, businesses will need to report the attack to the Information Commissioner’s Office (ICO) who could issue a fine if they find the business has been negligent in the handling of their data. This can be  up to £17.5 million or 4% of the total annual worldwide turnover, whichever is higher, for the most serious infringements of the UK GDPR or the NIS Regulations

Suring up the defences

Shapland argues that SMEs are seen as low-hanging fruit by criminals as the cyberattacks on them are not usually orchestrated but rather acts of opportunistic acts of deviance.

‘A lot of the attacks that happen to SMEs are opportunistic, there is no real vendetta against the business. They’re not a multi-national corporation and the money made from any attack would be minimal compared to that generated by attacking an organisation the size of Microsoft or Pfizer. So, if you make it difficult for them to get in, they’ll tend to just move on somewhere else.’

Rob Shapland
Head of Cyber Professional Services, Phalanx Cyber

Shapland offers four basic solutions to businesses looking to improve their cybersecurity:

  1. Software – all computers will have some level of antivirus security software installed. It is important that these are reviewed and kept up to date to avoid unnecessary holes in your network’s security.
  2. Passphrases – we are all guilty of using a simple, short password to login to our laptops and document management systems at work. Although it may be convenient, it is far from safe. Instead, Shapland suggests using passphrases which are short sentences or catchphrases.
  3. Two-factor or multi-factor authentication – many cyberattacks come in from criminals browsing the web and searching for holes in your business. A sure way to mitigate this is two-factor or multi-factor authentication. This is something that a provider such as your bank probably already expects you to use to access their services. This will involve you using a separate app on your phone or receiving a short code to authenticate the login after entering your password.
  4. Secure email gateway – this will usually be provided by a third-party and act as a filter for all incoming emails. The third party will quarantine external and unrecognised emails and ask you for your approval before you dismiss them.

Keeping your wits about you

Knowing all the above is a great starting point and offers a solid defence against basic cyberattacks, but it is anything but fool proof. The last line of defence will always be the people in the business. Only training with a cybersecurity professional like Shapland will allow your people to know what to look for and what to do when they see it.

As a business who is yet to be targeted by cyber criminals, the cost for employee training and additional software may seem unnecessary. But it is worth bearing in mind that the costs of a successful cyberattack will likely be significantly higher than this and may even cripple the business.

To hear Shapland explain the importance of cybersecurity and delve deeper into some of techniques business leaders can utilise to prevent cyberattacks, register for The Crucial Role of Cybersecurity webinar taking place on Friday 22nd September at 1pm.

Rob Shapland

Rob Shapland Ethical hacker and Head of Awareness, Falanx Cyber

Latest articles

Find Out More

Help to Grow: Management logo
Female business leader smiling
Don’t forget, multiple participants can now join the course

Two leaders or senior managers from a business with 10 to 249 employees can now attend the 12 modules of learning and get the benefits of one-to-one mentorship.