Highlights
- Government issues cybersecurity warning to small businesses following major attacks on JLR and Marks & Spencer.
- Free toolkit and cyber-essentials programme offered to help firms prevent email hacking, data breaches and ransomware.
- Experts advise prioritising basic security measures like multi-factor authentication over adopting artificial intelligence.
Ministers urged firms to "stay resilient in the face of evolving threats" in a letter signed by digital economy minister Liz Lloyd, small business minister Blair McDougall, and Richard Horne, chief executive of the National Cyber Security Centre.
The letter directed businesses towards a free toolkit providing step-by-step guidance on preventing email hacking, data breaches and ransomware.
"Protecting your business against a cyberattack is much less onerous than having to pick up the pieces after a devastating attack," the letter stated.
Recent cyberattacks on Jaguar Land Rover in August and Marks & Spencer in April have highlighted vulnerabilities facing large companies. JLR's revenues fell to £4.9 bn in the second quarter, down 24 per cent year-on-year, after the attack halted production for approximately five weeks.
Business Secretary Peter Kyle told MPs this month that the shutdown was so extensive that when officials requested a list of JLR's UK suppliers, the carmaker could not provide one as information was stored electronically. This delayed government loan guarantees needed to support suppliers during the production pause.
Experts advice basics
Rafe Pilling, director of threat intelligence at cybersecurity specialist Sophos, told The Times that attacks could be devastating for smaller companies. It is the difference between being able to pay your staff, to pay your bills and purchase supplies that go into production, he added.
Pilling noted small businesses are "vulnerable often because they're focused on delivering their core business and they're not aware of all the peripheral threats."
He advised "simple straightforward" steps including multi-factor authentication, strong passwords, system patching and up-to-date antivirus protection.
The ministerial letter also promoted the cyber-essentials programme, designed for small and medium-sized enterprises to implement basic security measures.
Pilling advised prioritising cybersecurity over adopting artificial intelligence, which adds complexity. In April, the government updated its cyber-governance code of practice, providing guidance on operational protection.
