Cyber Security is Now Business Critical (£)

Whatever its sector or size, cybersecurity is now critical for any organisation.

Most companies only learn about cyber-attacks the hard way, when they get hit. Often the senior board hears about only some of these attacks because, in the eyes of the IT department, they are too frequent to report and the focus needs to be on recovery.

As HR, data, marketing, finances and customer relationships are all inextricably linked to technology, you must take steps not only to protect all your online assets but also to continuously understand the changing electronic security issues.

The areas at risk have grown, but some of the areas you should ask about are: employee data security, insurance numbers, salary data, banking information, company business card data, customer lists, trade secrets, email access, software licenses and third-party content/agreements.

Nearly all businesses suffer cyber-attacks: around 82% of large businesses suffered a security breach in 2015, as did 59% of small businesses of under £10m turnover, which suffered cyber hacks. The cost to larger operations of over £10m is now between £500 and £1.4m, and the cost to businesses of under £10m is between £50k and £130k.

There are believed to be around 119K cyber hacks daily, and the average cost of a data breach for larger organisations of over £20m turnover is around £1.4m.

However, all the recent research shows that although senior management is seriously concerned about the attack levels and is trying to take measures to reduce them, most firms have only a very basic security protection process in place.

The actual number of hacking attacks is now beginning to fall. However, that is because hackers are becoming more focused and specific in the way they hack and use malware. So you do need to protect your private and commercial information continuously, through an ongoing audit process that measures and predicts new attacks and takes measures to reduce attack levels.

This is an ongoing process because, for instance, hacks on basic data cover many areas, from strategy to employee records, sales plans, customer data, financial accounts and legal copyright. One question you should keep asking is: if I wished to use the company’s data for gain, what would I steal?

Important Areas of Cyber Security 

Here are some areas that need to be considered and require security planning:

1.    Your managed computer systems should only be accessed by authorised employees.

2.    If you have sensitive information to pass on, use technologies such as Box.com, which has services to send and receive documents in a secure and authenticated manner. 

3.    Internal mail should be monitored and reviewed using strategies and plans that employees follow and that can detect hackers’ attachments.

4.    Maintain good, frequent discussion, presentation and communication with your employees about how to protect and use information within the organisation and information coming from outside.

5.    Training in IT security and commercial analysis should now become a requirement for your organisation and should be continued in all areas of the business. This should include personal and group training for the Board and for senior and middle management.

6.    The majority of hacking attacks happen because of employee and management mistakes. Often it is human interaction that is the real issue causing security breaches.

7.    Social engineering is the industry’s term for when a hacker uses relationship knowledge to gain access to information that would otherwise be secret or private and certainly publicly unavailable.

8.    Old systems and out-of-date PCs and Macs that are still used within a changing environment require security and monitoring updates.

Cyber security these days requires planning and an engaging strategy that your employees are aware of, particularly where it affects them and their areas. There are many quite simple measures that improve your commercial security, and these should be frequently checked and updated.

Sending phishing emails to commercial employees is a common method that cyber hacking criminals use to get inside your system. Over one hundred million phishing emails are sent daily and around 7/8% are opened, which gives the criminal access to private data. Again, education of management and staff is really important and is the best method of prevention.

Unfortunately, around 60% of management do not understand cyber security risks and how they affect the business and the areas they are employed to manage, and around half do not think cyber is their problem.

Nearly half of all organisations do not have an adequate cyber security budget, do not have the right employee training and knowledge, and do not clearly interconnect with other parts of the organisation’s personnel and structure to help monitor their own use of cyber and the best methods of use and protection.

There is often a rift between Directors, IT’s beliefs and planning, and the perceptions of security personnel working to protect company assets.

Seventy percent of Directors say they have responsibility for managing and monitoring risk. However, reviews and audit assessments often reveal that they do not have the basic understanding required to comprehend cyber data and what is required after an attack and a current risk assessment have taken place.

As a Board member you should honestly review your understanding and comprehension of the issues surrounding cyber security and the data analysis opportunities offered to the business. Ensure you continually upgrade your understanding of and engagement with these IT systems: it will certainly help your organisation, it will improve your questions to clients and employees, and it will improve your career understanding and prospects.

However, there is an IT gap that you need to be aware of and check: the lack of talented and experienced cyber security IT specialists available. Given the current threats, an increase in security IT personnel will probably be necessary.

 
