When Will We Truly Take Cyber Security Seriously?

Ed Vaizey, the Minister for the Digital Economy, has once again highlighted the proportion of businesses which have fallen victim to cyber breaches in the last year (74 percent of small businesses and 90 percent of major businesses). Those proportions show no sign of decreasing. Some attribute this in part to the sophistication of attackers, but in reality a very significant proportion of breaches do not result from sophisticated attacks and could be prevented.

Preparation is everything

In most of these breaches, the company will not yet know that its data has been compromised. When a breach does become apparent, being prepared in advance for how to respond is critical. Who will be responsible for investigating the breach and taking key decisions? This has to be someone senior within the business. How will you identify the extent of the breach and what data may have left the business, and how and what will you communicate to your customers? Could you have lost a business partner’s data, and what are your contractual obligations and liabilities if you have? Do you understand your regulatory obligations? What external assistance might you need (specialist IT function, legal advice) and who can provide it? Time spent in advance planning these issues and preparing an incident response plan is crucial.

Given the figures on how many businesses are compromised, every business should be taking time to prepare for how it will respond to a discovered breach. The reality is that if a substantial breach is discovered, a business will be firefighting on many fronts to deal with what could be a business-critical issue. Getting the first 72-96 hours right is crucial.

An “it won’t happen to me” attitude is just sticking your head in the sand

Many businesses may be thinking ‘it won’t happen to me, I’m not prepared to incur the cost of this’. First, the figures on the proportions of businesses already breached show that it probably already has happened to you, and you don’t know it yet. Second, this could be a business-critical issue, so not preparing is a false economy. Third, there are other benefits to this work. The exercise of preparing for information security breaches means that a business needs to understand what data it holds and where that data actually sits and flows within the business (not just where the business thinks it is). This may identify opportunities for efficiencies and improvements to business processes. It will also involve the business identifying what IT equipment it owns, where it is and what the risks associated with that equipment are. The rise of BYOD, for example, requires robust controls to ensure security that actually reflects the reality of how employees operate, not what policies say employees should be doing. Understanding the extent of ‘shadow IT’ within your business and how to deal with it is a significant benefit. Finally, demonstrating that you have the appropriate policies in place can be significant in dealing with regulators after a breach.

A significant number of information security breaches can be avoided by relatively basic information security good practice. The government has published a number of guides which are a good starting point for many businesses. The sheer number of businesses that the figures show may have already suffered a breach, most of which don’t know it yet, shows there is still a lot of work to do on information security for a very large number of businesses.


Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
