A heading that certainly grabs the attention – or it did when I read it in a recent edition of The Grocer. Perhaps somewhat surprisingly the title didn’t refer to the current shenanigans about whether Brexit will comprise a soft or a hard landing. Instead, the title headed an article on another very common topic of debate – cyber crime and, in particular, why the food & drink sector is an easy target.
To demonstrate the extent of the threat caused by cyber crime, the article quoted a recent Ipsos Mori survey revealing that nearly half of all UK businesses had suffered at least one cyber security attack in the last year. The article then highlighted a number of reasons why the food & drink sector is at particular risk, including:
- Supermarkets having extensive personal and financial information on staff and customers
- Unscrupulous companies seeking commercially sensitive information, given the hyper competitive nature of the grocery market
- ‘Hacktivists’ – hackers driven by ideology rather than cash, objecting to topics such as meat production or GM products
Such attacks could include not just the obvious loss of financial and other records or cash itself, but also perhaps tampering with recipes or disruption to production systems and logistics. All of these could result in ‘shops empty and shelves bare within a few days’, according to cyber security specialist CGI.
In another recent article, Martin Forsyth, head of technical at the British Frozen Food Federation, said there were numerous examples of “low-level scams and hacking attempts on an almost daily basis – the food & drink sector is definitely at risk.”
A particularly worrying finding of the Ipsos Mori research was that food & drink businesses were less likely than other sectors to seek advice on cyber security threats, with only 39% seeking advice compared with 58% across all sectors.
Therefore, it was interesting that the most thought-provoking topic at our summer series of Finance Directors’ seminars was cyber security. Presented by Richard Wilding, our head of cyber security services, the session covered:
- what is cyber crime?
- facts and figures on the growing extent of the crime
- steps businesses should be taking to reduce the risk
Richard ended his session by outlining the services PKF Francis Clark offer businesses. As set out in this article, PKF Francis Clark recently achieved the IASME Gold Standard rating for cyber security. IASME is one of the five accreditation bodies established by the Government to roll out the Cyber Essentials Scheme, which provides a set of five controls that organisations can implement to achieve a baseline of cyber security – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.
By achieving the Gold Standard we have become a certification body and can help other businesses achieve accreditation. Businesses can choose one of three levels of certification and assurance depending on their infrastructure and risk appetite:
- Cyber Essentials Basic – the ‘entry level’ of the UK Government accredited scheme, achieved by submitting answers via a secure on-line portal, which are then assessed and scored. Cyber Essentials Basic revolves around five key control areas and is relatively easy to achieve, although it is recognised that companies may need help. We offer a ‘fixed fee deal’ which includes one day of assistance and an external vulnerability scan.
- Cyber Essentials Plus – adds an on-site technical audit where IT systems are tested for common vulnerabilities and ease of penetration to provide a good measure of assurance that the business is safe from common threats.
- IASME Standard – all businesses keeping customer data will be expected to comply with the new General Data Protection Regulation (GDPR) from May 2018, with a fine of up to 20 million Euros for non-compliance. Privacy by design is an integral part of GDPR and can only be achieved by sufficiently robust IT governance. The IASME Standard is a version of ISO27001 for SMEs and provides the governance and policies that will comply with GDPR.
For further information on what assistance we can offer to reduce the chances of your business being affected by cyber crime, please do not hesitate to contact your local PKF Francis Clark Cyber Security Expert.