Cybersecurity Exercises
PPGR - Unit 1 and 2 - Exercises
Task 1 - Cybersecurity trends
Look through the Cyber Security Breaches Survey 2023
Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)
What do you think are the most important trends that are highlighted in the report?
In groups, summarise the key points and nominate one member of the group to present your findings to the whole class.
Larger businesses tend to face more breaches or cyber-attacks than smaller businesses.
32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months. This is much higher for medium businesses (59%), large businesses (69%) and high-income charities with £500,000 or more in annual income (56%).
The number of businesses experiencing cyber-attacks dropped from 2022 to 2023, driven primarily by smaller organisations.
This is a decrease from 39% of businesses and 30% of charities in 2022. The drop is driven by smaller organisations – the results for medium and large businesses, and high-income charities, remain at similar levels to last year.
The cost of cyber-attacks is estimated to be an average of £1,100 for businesses of any size and £4,960 for medium and large businesses.
Among those identifying any breaches or attacks, we estimate that the single most disruptive breach from the last 12 months cost each business, of any size, an average of approximately £1,100. For medium and large businesses, this was approximately £4,960. For charities, it was approximately £530.
The proportion of smaller businesses saying cyber security is a high priority has decreased by 12% since 2022, likely as a result of economic pressures such as inflation.
The proportion of micro businesses saying cyber security is a high priority has decreased from 80% in 2022 to 68% this year. Qualitative evidence suggests that cyber security has dropped down the priority lists for these smaller organisations, relative to wider economic concerns like inflation and uncertainty.
Under 40% of businesses are insured against cyber security risks (63% for medium businesses and 55% for large).
Under four in ten businesses (37%) and a third of charities (33%) report being insured against cyber security risks – rising to 63% of medium businesses and 55% of large businesses (i.e. cyber insurance is more common in medium businesses than large ones).
Only 21% of businesses have a formal incident response plan (47% for medium and 64% for large businesses).
Formal incident response plans are not widespread (21% of businesses and 16% of charities have them). This rises to 47% of medium-sized businesses, 64% of large businesses and 38% of high-income charities.
There were approximately 2.39 million instances of cyber-crime and 49,000 instances of fraud in 2022.
We estimate that, across all UK businesses, there were approximately 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime in the last 12 months. Across charities, there were approximately 785,000 cyber crimes over this period. The sample sizes do not allow us to estimate the scale of fraud resulting from cyber crime across charities. It should be noted that these estimates of scale will have a relatively wide margin of error.
The average cost of cyber-crime for businesses is estimated to be £15,300 per victim.
The average (mean) annual cost of cyber crime for businesses is estimated at approximately £15,300 per victim. The sample sizes do not allow this cost calculation for charities.
Task 2 - Threat identification
Identify the potential threats associated with a confidential document stored on a company’s file server.
Who might want access to the information in the document?
- Competitors
- People with the desire to leak something
- People who want to harm a particular company’s reputation
What would the consequences be of a data breach?
- Reputational Damage
- Financial Loss
- Operational Downtime
- Legal Implications
- Sensitive Data Loss
What would reduce the likelihood of an unauthorised person gaining access to confidential information?
- Store data securely
- Use access controls
- Staff Training
- MFA
- Anti-virus software
- Strong firewalls and Intrusion Detection Systems
Task 3 - Risk identification
What are the potential risks associated with the following (choose one scenario and discuss in small groups):
- An organisation managing publicly-available information on its web server
- A law enforcement organisation managing sensitive investigative information
- A financial institution managing routine administrative information (not privacy-related information)
- An online retailer managing orders and deliveries to customers
What effects would these risks have on: confidentiality, integrity and availability of information systems?