In today’s business environment, cyber attacks have become unavoidable. Recent research suggests that the number targeting UK businesses has increased by more than half in the past three months, to a staggering approximate 65,000 internet-born assaults per company[1].
Cyber security therefore needs to be placed high on an organisation’s risk register, as the ramifications of suffering an attack can be stark. This will only get worse from next year onwards, when the new General Data Protection Regulation (GDPR) comes into force and introduces severe penalties for non-compliance. UK businesses that experience a data breach could face a maximum potential fine of €20m, or 4% of global annual turnover(whichever is greater). That’s enough to cripple almost any business.
Despite widespread awareness around cyber security, there’s a reason cyber-attacks are still so effective: hackers continue to stay one step ahead. Attackers continue to increase their level of sophistication and there are now dozens of different ways that hackers can attempt to get their hands on the data they desire, whether it is a malware-laden malicious link, pop-up screens in your internet browser, or infected attachments within your emails.
Who should take responsibility
For the subject to be taken seriously, it is imperative that you get cyber security awareness buy-in from top to bottom throughout the organisation. One of the most effective ways to do this is to set up a security sub-group and task them with educating those around them on the dangers.
This sub-group should meet regularly to review potential security issues, as well as playing a major role in the drafting and adoption of a company-wide cyber security strategy. This strategy should consist of a set of best practices and is distributed to all employees across the company to raise awareness of potential issues. It should also make clear every employee’s role in the event of an attack.
Defining a cyber security strategy
As part of this cyber security strategy, it is imperative that businesses adopt a proactive, as opposed to a reactive, approach. It wasn’t too long ago that many could afford to sit back and wait for an attack to present itself before considering how to deal with it, but that simply isn’t possible now: the threat is too great and the consequences too severe. By writing the cyber security strategy with this proactive approach front-of-mind, the rest of the business will be much likely to follow suit.
Having a strong cyber security strategy is the first step towards achieving ISO27001, the certification which focuses on information security and provides an excellent foundation for a more comprehensive cyber resilience posture. Coupled with the government-backed Cyber Essentials scheme, ISO27001 sets out a great cyber security baseline for all organisations.
A tailored solution
Putting together a cyber security strategy can be an intimidating process, and simply taking an off-the-peg strategy will not yield positive results — each strategy must be tailored specifically to the business planning to live by it. As a result, many turn to specialist IT providers for guidance on the specific types of attacks they are most likely to face and how they can mitigate the risks. By working with the right provider, businesses can also benefit from an increased agility in responding to any attacks. With the cyber threat only set to continue growing, there’s never been a better time to start strengthening your defences.
By Gavin Russell, CEO, Wavex
[1] https://www.beaming.co.uk/cyber-reports/cyber-report-q2-2017/.