As technology continues to advance rapidly, with emerging threats like artificial intelligence-powered attacks or quantum computing vulnerabilities looming on the horizon, it becomes crucial for businesses not only to stay up to date with technological advancements in security but also to continuously evaluate their existing security strategies. One concerning trend is the increasing frequency and sophistication of ransomware attacks. These malicious software programs hold sensitive data hostage until a ransom is paid, causing significant financial losses for businesses. Another notable trend is that small and medium-sized enterprises (SMEs) are increasingly becoming targets for cybercriminals. Despite having limited resources, SMEs often possess valuable customer information or intellectual property that makes them attractive targets.
In this exclusive interview with TechBullion, Neil Kilgallon, Managing Director at ID Studio Web Agency, outlines the actual cost of a cybersecurity breach to your business and how you can protect your business against a costly cybersecurity breach.
Please tell us about yourself and your journey so far in the web design and cybersecurity industries.
My name is Neil Kilgallon, and I’ve been working within the web design and development industry for the last 28 years. I currently run ID Studio, a web design agency based in London.
Since starting my career, the digital landscape has changed massively. When I first started, cybersecurity was relatively unheard of and certainly not something companies overly concerned themselves with. As the industry expanded, so has our understanding of what’s needed to keep ourselves and our clients safe.
I am passionate about staying up-to-date with the latest trends and technologies and believe it is essential for businesses to stay current with their security protocols as cybersecurity breaches continue to evolve and become even more common.
Whilst cybersecurity is a wide-reaching topic, my background is centred around the locking down of websites, the backend systems, and the databases that power them.
What do you do at ID Studio, and what services do you provide?
ID Studio is predominantly a London web design agency. Our core services revolve around that. We design and develop websites for small startups through to internationally recognised brands such as META, Ralph Lauren, and Zenith Bank. We’ve worked with several companies within the banking and fintech sectors, which require an understanding of potential security implications and regulatory laws.
We have a small but very strong back-end development team that is capable of building enterprise-level web-based business applications.
We are not a cybersecurity firm and would not claim to be. However, we firmly believe cybersecurity shouldn’t be an afterthought and try to educate our clients accordingly.
What is a cybersecurity breach, and what are some common types of cybersecurity breaches that businesses may encounter?
A cybersecurity breach, simply put, is a type of incident where unauthorised individuals gain access to secure data or systems, unfortunately quite often with malicious intent.
Businesses today face a variety of cybersecurity breaches. Among the most common types are:
- Phishing attacks: These are deceptive attempts to trick individuals into revealing sensitive information, such as passwords or credit card numbers, by posing as a trustworthy entity through email or other communication channels.
- Malware intrusions: Malware, or malicious software, includes viruses, worms, ransomware, and spyware that can disrupt operations, steal data, or gain unauthorised access to systems.
- Denial-of-service attacks (DoS): These attacks overload a system, network, or website with traffic, causing it to slow down significantly or even crash, thus denying service to legitimate users.
- Man-in-the-middle (MitM) attacks: In these types of attacks, the perpetrator covertly intercepts and potentially manipulates the communication between two parties who are under the impression that they are engaging in direct communication with one another.
- Zero-Day Exploits: These involve the exploitation of unknown vulnerabilities in software or hardware before the vendor has a chance to create and distribute a fix.
Awareness of these threats is the first step for businesses to bolster their defences against cybersecurity breaches.
How much does a cybersecurity breach cost businesses, and how can a cybersecurity breach impact a business?
The cost of a cybersecurity breach can be catastrophic both financially and in terms of trust and reputation. Cybersecurity Ventures and IBM Security’s annual study on the cost of a data breach suggests the global average cost of a data breach in 2023 was USD 4.45 million, with the cost per lost or stolen record being up to $150. The most expensive type of cyber-attack is ransomware, which can amount to an average loss of over $7 million due to disruption caused and downtime.
Aside from the financial burden, businesses may also face reputational damage from a cybersecurity breach. Customers who are aware of the breach may be less likely to trust the business, and their data could be lost or exposed throughout the process, resulting in further losses.
Who is most at risk of a cybersecurity breach? Are small businesses as vulnerable to cyber attacks as larger corporations? Are there any scenarios you would like to share with us?
All businesses are vulnerable to cybersecurity breaches. Smaller businesses may have fewer resources available to allocate towards security. This can make them an easier target for hackers looking to exploit a weakness within their code base or system. Quite often, small businesses do not realise they have been compromised, and it might take some time to react.
Larger corporations are also at risk of cyber-attacks, as they typically store much more sensitive data, which hackers can use for financial gain or other destructive purposes. The financial implications for large organisations can be massive.
How does a significant cyber-attack affect customer trust and business reputation, and what can be done to mitigate these effects?
Many recent examples of cyber-attacks on businesses have resulted in negative public sentiment. These include Equifax, which in 2017 experienced a massive data breach that exposed the personal information of 147 million people, leading to a significant public backlash and regulatory penalties. Similarly, in 2018, Facebook faced public scrutiny when it was revealed that Cambridge Analytica harvested the data of millions of Facebook users without their consent, resulting in a loss of trust among users and lawmakers alike.
Mitigating these effects requires a multi-faceted approach. Firstly, implementing strong cybersecurity measures is crucial. This includes regular risk assessments, employee training, and having an incident response plan in place. Secondly, in the event of a breach, transparent communication is key.
Businesses must notify affected parties promptly and honestly, providing details of the breach and the actions taken to resolve it. Lastly, offering support such as credit monitoring services can reassure customers that the business is taking their data security seriously. With these measures in place, a business can work towards rebuilding trust and restoring its reputation.
In terms of prevention measures, what key steps should companies take to minimize their risk of experiencing a costly breach? How can businesses protect themselves from a cybersecurity breach?
As a web design and development agency, we can take the following measures to help protect our clients and their websites.
- Regularly update and patch systems: This helps safeguard against the latest threats and vulnerabilities. Outdated software can create an easy entry point for cybercriminals.
- Implement strong access control: Limiting access to sensitive data can help reduce the risk of breaches. Employees should only be granted access to systems and data necessary to perform their job functions.
- Educate employees: Many cyber threats originate from human error. Regular training can help employees recognize potential threats, such as phishing scams.
- Use secure configurations: Default configurations of many systems and software are often not secure. Companies should ensure they have followed best practices to harden their systems against attacks.
- Implement strong encryption: If data is stolen, encryption can prevent or significantly hinder a hacker’s ability to read the data.
- Regular backups: Regularly backing up data can help a company recover in the event of a ransomware attack, where data is encrypted by a hacker and held hostage.
- Use intrusion detection systems: These systems can help identify and respond to potential attacks before they cause significant damage.
- Engage professional services: Companies may benefit from engaging the services of a cybersecurity firm to conduct regular penetration testing and vulnerability assessments.
How is ID Studio in a position to help businesses facing cyber threats?
Our development team have a combination of degrees in cybersecurity and CompTIA Security+ certification. Our company is UK government Cyber Essentials Certified.
When designing and developing a website or web-based enterprise application, we take a security-first approach to ensure that the system is locked down. Ongoing maintenance and support are essential to ensure these systems stay secure and are regularly patched and updated as and when released. As a bare minimum, we code to OWASP Top Ten.
Below are some tips to help keep your website safe from cyber-attacks:
- Data Retention: Only keep sensitive data for as long as you need to. If you are authenticating a user and require a driving licence, only keep that information until the user has been identified. Once it has served its purpose, delete it.
- Ensure Software is Up-to-Date: Regularly updating your software, including the website platform and scripts you run, is crucial. This is even more important for systems like WordPress, which are targeted all the time.
- Use Strong Passwords And 2FA: Implement a robust password policy. Passwords should be complex, unique, and regularly updated. You can also introduce a company policy whereby users must change their password every six months. Make sure two-factor authentication (2FA) is enabled across the company.
- Install a Web Application Firewall (WAF): A WAF can help block potential security threats before they reach your website.
- Limit File Uploads: Files uploaded to your website can pose a significant risk. Limiting file uploads or setting strict permissions can help prevent such issues from occurring.
- Use HTTPS: Secure all communication with HTTPS.
- Regularly Backup Your Website: Regular backups provide a safety net as you can restore a previous version if your website is compromised. Have a failsafe, so potentially a copy at your office or home and another in the cloud.
What are you currently working on at ID Studio?
Being a London web design agency, we are fortunate enough to have worked on some very exciting projects for some great clients. Whilst many of the projects we are working on are for companies based in London and the UK, we also work with organisations across the globe. We are currently helping the Hamad Medical Corporation in Qatar with an internal document portal, which is an exciting project.
