If I held a gun to your head and demanded several thousand pounds or I’d burn down your business what would you do?
The odds are you’d call the police, I’d get arrested and the problem would go away.
But imagine if you were sent an email containing a ransom demand for several thousand pounds or the sender would disable your entire computer system and ruin your business.
What would you do then?
You could phone the police but I wouldn’t fancy their chances of catching an international cyber terrorist before they carry out their threat.
Welcome to the world of ransomware and cyber security.
On Tuesday I hosted a cyber security conference called ‘Unlocked – Manchester’, organised by UKFast and Secarma, leaders in penetration testing and online security.
One speaker after another shone a light on the scale of the problem.
Carphone Warehouse; Sony Pictures; Tesco Bank; Mossack Fonseca; TalkTalk, Netflix; and Yahoo have all been the victims of high profile security breaches but these are just some of the ones we know about.
Award-winning blogger, author, podcaster and security analyst Graham Cluley kicked off the event by showing how, in 2013, hackers were able to wipe $61bn off the stock market by hijacking the Associated Press Twitter account and posting a false claim of an attack on the White House.
The Twitter post falsely claimed President Barack Obama had been injured after his residence was bombed but it was enough to send the market into freefall.
And so it went on. Justin Joyce, of Lloyds Banking Group, said trying to stay one ahead of the cyber terrorists was a bit like an arms race.
He said a successful terror attack could be worth a potential £1bn to the criminal so the incentive to try was massive.
What was clear was that you don’t have to be an international blue chip company to be a target of hackers.
Last year 74 per cent of SMEs were the victims of a cyber breach. Even more worrying than that was that 60 per cent of companies that suffered a breach went out of business within a few months.
Cyber security is a massive problem but too many businesses are sleepwalking into disaster.
Asam Malik, director, technology and cyber security risk practice for PwC in the North West and North East, gave a graphic example of the problem.
PwC carried out a ‘social engineering’ attack on a client.
Men in high-vis jackets tricked their way into the building and then spent three hours on a computer in the middle of an office while staff made them cups of coffee!
This is a hugely significant point. A lot of people worry about the threat of external terror attacks but it’s often insiders who leave the door unlocked, be it deliberate or accidental.
One third of employees at a firm PwC work at clicked a ‘malicious’ link promising them a 25 per cent discount on Apple products!
Terry Greer-King, of Cisco Security, summed it up best when he said: “There are two types of business – those who’ve been hacked and those that don’t know they’ve been hacked.”
It’s not all bad news. Companies who take steps against cyber terrorists are far less likely to be attacked than businesses who resolutely put their head in the sand.
The question is this: which one are you?