International espionage, declarations of cyberwar, a touch of Hollywood and a global brand that will take years to recover in terms of reputation and probably revenue.
The damage is immense, and the repercussions will be felt far into the future.
The murky world of cybercrime has truly entered our lives and when security vendors claim that 90 per cent of organisations have been hacked, it is a problem that we can’t ignore.
Last year in the UK the Government, financial services and telecom sectors were the most targeted: these companies are also our clients.
We are in the privileged position of holding client information and of having close relationships where our contacts will open emails from us, or click on links we send them – that makes us a target too.
A popular attack method used by hackers is to identify the weakest points in a supply chain, infiltrate and then find ways through those channels to their ultimate target.
The hackers are clever; they’ll ‘socially engineer’ you to get you to give up your secrets.
So it may be a ‘presswire’ sending you a link to new prices or a request for information from an unknown company. The aim is to get you to open an infected document or webpage.
Once opened, a piece of malware will be installed and will then sit in the company systems quietly gathering information until it is detected.
FireEye says that it takes an average of 229 days for malware to be detected – imagine what’s being collected.
Essentially, what this comes down to is that as trusted suppliers to organisations that hold any kind of intellectual property (from movies to car designs), customer or citizen data or sensitive financial information – anything that can be sold or can provide a competitive advantage – we must make sure we are protected so our clients are protected.
Some RFIs and contracts now require agencies to show that they have strong cyber-defences, like firewalls, anti-virus software and secure data centre environments.
But some go even further – specifying certain security procedures and products, for example encryption technologies.
Obviously this is where you need to work closely with the IT guys to understand what you’ve got and what’s actually practical to implement.
It’s also worth just checking this out anyway. A good security conversation with your IT guy over a coffee will win you a fan forever and show to clients that you are taking their protection seriously.
In a really practical sense, the key things to remember are:
* Be really careful what you click on or open
* Make sure you password protect all your devices
* Keep your social media account passwords as strong as possible - this is your public profile
There is loads more that can be done, but we’re all pretty busy, so just simple steps will help.
Let your IT guys do the rest and, for more practical advice, getsafeonline.org is a good place to start.
Jenny Tandy is head of technology at The Red Consultancy