Business Cyber Security Strategy

In the last decade there has been a growing number of cyber-attacks on businesses.

A huge range of organisations and companies around the world have been affected by the WannaCry ransomware cyber-attack, described by the EU's law enforcement agency as "unprecedented".

From "cyberwar" to "hacktivism", the past 10 years have seen a number of major cyber-attacks.
Recently the Petya ransomware attack, which took place in June 2017, paralysed thousands of companies worldwide, and this attack reinforced the case for the new EU cyber legislation.

Firms that breach the EU’s General Data Protection Regulation (GDPR) next year could be fined up to €20m (£18m).
This new law is now beginning to make cyber security a crucial issue for all businesses. However, we have found that, on average, while 93% of members regard it as important, only 56% have established a formal cyber security strategy.

Business Responsibility
The Board is ultimately accountable for the protection of corporate systems. Therefore, they need to develop a cyber security policy, regularly audit their IT systems, educate their staff, review supplier contracts and incorporate cyber insurance.

Analyse the Risks 
Directors need to ask themselves and all Board members: how confident are they that their business information assets are protected? Who might compromise their security? What forms might the threat take? What effects could an attack have? Have their business’s systems been analysed and a report completed, and how long ago was this done?
Completing this work will help your business to implement suitable controls and determine what good practice looks like. Repeat the procedure regularly, continually reassessing the effectiveness of your measures. If a third party manages your IT services, review your agreements with it and ensure that those handling your data also apply these controls.

Understand and Follow the Law
Ensuring that your business follows the strict data protection principles outlined by the Information Commissioner’s Office (ico.org.uk) and enforced by the Data Protection Act 1998 will help to shield it from attacks, prosecutions, fines and reputational harm.

These stipulate that the data held and processed by your firm must be kept securely; be used fairly and lawfully for specific, limited purposes; and not be moved outside the EEA without adequate protection.
Also, planning and implementing now the changes that your firm needs to make to comply with the GDPR will ensure its readiness for the legislation when it comes into force in 2018.

Getting the Fundamentals Right
Applying basic, effective measures to protect your company’s systems will mitigate many of its cyber risks. You should download and install software updates as soon as they become available, as they often contain security patches.
Similarly, use strong passwords; delete all suspicious emails, which could contain malware or be phishing attempts; and always use up-to-date anti-virus software.

One of the most crucial measures is to train all staff in these basics and keep them abreast of the latest threats. Human error is often at the root of a breach: the mere opening of an email attachment by an unwitting employee could cause one.
You therefore need to develop a security-aware culture. The government’s Cyber Essentials scheme sets out five controls that help to reduce cyber-attacks on your company.

Cyber Security Insurance
Insurance is not yet widely viewed as a cyber security measure. Indeed, only 22 per cent of the businesses we have spoken to have taken out such cover for their firms.

But products in this area can insure against a range of risks, including network security liability, data and software damage, business interruption and reputational harm.

Although some events, including the theft of intellectual property, remain uninsurable because the associated losses are hard to prove and/or quantify, insurance is likely to feature heavily in any effective cyber strategy in the near future.

British Standards Institute
We think that the UK should take more of a lead in this area and that BSI should publish standards that enhance Cyber Essentials, which we think will be very important once the UK leaves the EU.

The new BSI Standards should include a Cyber/IT Audit twice a year, training of staff four times a year using on-line training sessions, and a cyber security insurance policy that takes the BSI Standards into account and therefore probably reduces the cost of a business cyber insurance policy.


Please contact Cyber Security Intelligence for more information.

 
