Business Cybersecurity Strategy

Uploaded on 2018-02-08 in NEWS-Cybersecurity News, FREE TO VIEW

In the last decade there have been a growing number of cyber-attacks on business. 

A huge range of organisations and companies around the world have been affected by the WannaCry ransomware cyber attack, described by the EU's law enforcement agency as "unprecedented".

From "cyberwar" to "hacktivism", there have been some of the major cyber-attacks over the past 10 years. The Petya ransomware attack which took place in June 2017 paralysed thousands of companies worldwide, and this attack reinforced the new EU cyber legislation. 

Firms that are breaching the EU’s General Data Protection Regulation (GDPR) next year could be fined up to €20m (£18m). 
This new law is now beginning to make cyber security a crucial issue for all businesses. 

However, we have found that on average, while 93% of businesses surveyed regard it as important, only 56% have established a formal cyber security strategy.

Business Responsibility
The Board is ultimately accountable for the protection of corporate systems. Therefore, they need to develop a cyber security policy, regularly audit their IT systems, educate their staff, review supplier contracts and incorporate about cyber insurance.

Analyse the Risks 
Directors need to ask themselves and all Board members: how confident are they that their business information assets are protected? Who might compromise their security? What forms might the threat take? What effects could an attack have? Have they had analysis of their business’s systems and had a report completed and how long ago was this done?  

Completing this work will help your business to implement suitable controls and determine what good practice looks like. Repeat the procedure regularly, continually reassessing the effectiveness of your measures. If a third party manages your IT services, review your agreements with it and ensure that those handling your data also apply these controls.

Understand and Follow the Law
Ensuring that your business follows the strict data protection principles outlined by the Information Commissioner’s Office (ico.org.uk) and enforced by the Data Protection Act 1998 will help to shield it from attacks, prosecutions, fines and reputational harm. 

These stipulate that the data held and processed by your firm must be kept securely; be used fairly and lawfully for specific, limited purposes; and not be moved outside the EEA without adequate protection. 
Also, planning and implementing the changes that your firm needs to make to comply with the GDPR now will ensure its readiness for the legislation when this comes into force in 2018.

Getting the Fundamentals Right
Applying basic, effective measures to protect your company’s systems will mitigate many of its cyber risks. You should download and install software updates as soon as these become available, as they often contain security patches. 
Similarly, use strong passwords; delete all suspicious emails, which could contain malware or be phishing attempts; and always use up-to-date anti-virus software.

One of the most crucial measure is to train all staff in these basics and keep them abreast of the latest threats. Human error is often at the root of a breach, the mere opening of an email attachment by an unwitting employee could cause one. 
You therefore need to develop a security-aware culture. The government’s Cyber Essentials scheme sets out five controls that would help to reduce cyber-attacks on your company.

Cyber Security Insurance
Insurance is not yet widely viewed as a cyber security measure. Indeed, only 22 per cent of business we have spoken to have taken out such cover for their firms. 

But products in this area can insure against a range of risks, including network security liability, data and software damage, business interruptions and reputational harm. 

Although some events, including the theft of intellectual property, remain uninsurable because the associated losses are hard to prove and/or quantify, insurance is likely to feature heavily in any effective cyber strategy in the near future.

Cyber Audit 
We think that the UK should take more of a lead in this area and that the UK government should have standards that should be implemented to enhance Cyber Essentials with a Cyber Audit regulation, which we think is very important once the UK leaves the EU.

The new Cyber Essentials should include a Cyber/IT Audit at least twice a year at unannounced times, training of staff four times a year using on-line training sessions and cyber security insurance policy which takes into account the GDPR regulations along with Cyber Essentials and a checking cyber Audit and all of this would  reduce the cyber security risks and should reduce the cost of a business cyber insurance policy. 

Please contact: Cyber Security Intelligence for more information.

Image: Alpha Stock Images / Nick Youngson

 

« The GDPR Deadline Is Near & Business Is Not Ready
Infraud Cybercrime Site: Dozens Arrested »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

Gigacycle

Gigacycle

Gigacycle is one of the leading IT disposal and recycling providers in the UK. We specialise in IT asset disposal (ITAD) and data destruction.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

At-Bay

At-Bay

At-Bay is the world’s first InsurSec provider designed from the ground up to help businesses tackle cyber risk head on.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Emtec

Emtec

Emtec’s cyber security team provides advisory, assessment, & managed security services that help you build the cyber security policies, toolsets & best practices to elevate your cyber security posture

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

Q-Bird

Q-Bird

Q*Bird's mission is to provide equipment for the current, and future European quantum internet.

Aspiron Search

Aspiron Search

Aspiron Search is a niche-focused Cybersecurity search firm that works exclusively with venture-backed Cybersecurity firms.