Cybersecurity Advice For SMEs

Synopsis

We are at the beginning of an electronic revolution that, like earlier industrial revolutions, will substantially alter our society, the way we live and our engagement with others, and this one will also alter us as individuals.

This revolution is a significant development and integration of digital, physical and biological systems which will change our individual, national and global electronics. It has been called a Cyber Innovation or Web 0.3, but is probably best described as the 4th Industrial Revolution.

This transformation will completely alter the way we live and experience life and it will happen far faster than previous industrial revolutions. 

This new electronic revolution is developing by employing emerging computing technologies such as cognitive electronics and using advanced analysis, nanotechnology, biotechnology, and quantum computing to develop everything from new methods of commercial production, to specific recognition and robotic bio-technology. 

This process will alter everything from enhanced human brain thinking to automated avionics and robotics, and it will change all types of jobs within education, business, policing, the military and government.

By connecting even more billions of people using mobile devices, electronic connections, storage capability, information accessibility and processing power, this revolution will substantially increase the size of the interconnected world.
This interconnected world of cyber offers enormous opportunities to gain understanding, insightful data, commercial expansion and government interconnection, all of which can seriously improve an individual’s knowledge, jobs and potential. Perhaps more importantly, this revolution is already positively and negatively altering our geo-politics and macro-economic development.

The benefits that arise from these relatively recent electronic developments, such as cloud and cognitive computing, are becoming enormously influential. However, cyberspace also includes threats from criminal hackers and the growing arena of cyber-warfare.

The potential for engaging with and countering cyber-crime comes in many new and unique ways, one of which is Automated Content Recognition technologies. These can extract visual data from thousands of information streams simultaneously and use new algorithms that can search these cloud-based indexes in seconds. This produces a specific, relevant answer within seconds, something that would have taken hours and probably days using a human analyst’s production process.

Some of the latest AI techniques allow users to identify specific moments or in-video elements with extreme accuracy. Whether it is facial recognition for national security purposes or tracking products to monitor ad spends, this technology has, for instance, the power to revolutionise how a range of industries use video to effect business and sometimes to monitor potential cyber-crime.

Everyone, from governments and commercial organisations to you as individuals, needs new understanding, strategies and specific tactics using Cyber’s outlook and potential. This requires a change in perspective, continued research and changes to working methods, employing the relevant technology that projects into the new interconnected global future. It is very important that individuals, commerce, police forces, the military and all other aspects of government create and continually review an electronic cyber strategy, ensuring that this is used in their tactics on the ground. The results will be far more effective, precise and relevant than can be achieved using traditional methodologies.

Each strategy should incorporate the different areas of electronic relevance to government, commerce and individuals that offer real opportunities for globally connected future progress, while ensuring that capable security is implemented and continually updated.

This 4th Revolution employs deep data analysis with interconnections and links to Bio-technology, Artificial Intelligence, robotics and the Internet of Things which will significantly alter us as humans and the places we work and live. 

When used well these processes ensure our security, as well as significantly improving the broader issues of global and national macro-economics, intelligence, law enforcement and geo-politics. 

When misused by criminals and cyber warfare activists, this transformation has the potential for catastrophic outcomes. This book aims to reduce these potentials by informing and engaging with every reader to ensure that our positive potential and security are focused to build a very secure and opportunistic potential for the 4th Industrial Revolution.

Current Situation

This new expanding area known as CyberSpace can be visualised as a vital electronic layer, similar to a nervous system running through many national and international sectors and systems. The electronic arena offers us ways to understand and communicate with different communities and commercial activities, and to have global conversations, allowing us opportunities to change activities and to alter what we as individuals understand and what the organisations we work for and with will become in the future.

Cyberspace has already transformed many areas of an organisation’s operational and commercial engagement. It is evolving from a technical and often complex ecosystem, into a range of global and tactical actions, and has now broadened into a strategic systems planning requirement. 

From an individual’s viewpoint these systems, if used well, offer an enormous amount of connectivity, data sharing and analysis that can really expand their views on governance, intellectual progress and the potential for work specialisation and productivity going forward.

These cyber systems and their engagement require far more management and employee understanding, and this involvement cannot be left just to technologists. Individuals, politicians, business employees and management must engage with and understand the strategic plans, commercial opportunities and security implications.

The very nature of the Internet creates global collaboration that is changing the way in which we view social connections and national borders. Now the modern globalised society is increasingly dependent on an array of organised and sometimes randomly interrelated electronic infrastructures. 

Many organisations see Cyber as a growing, intellectually connected strategic and tactical policy network that has current and evolving opinion, news analysis and opportunities, but with significant security issues that can be used to steal and monitor an individual’s and an organisation’s data.

Networks leave "exhaust" data, which relates to the activities and transactions of network traders and collaborators, and which in turn tells us forensically much about what happened with the data’s use. We are unable to trap and reutilise this in the physical world, but in the cyber world we can. This is the powerful data that makes networks more efficient, individuals and customers better served, and companies more knowledgeable. It is also a huge source of insecurity, and we have tended to trade off these disadvantages against the upside, but we should do so no more.

The process now requires thoughtful planning, tactical implementation, and far more electronic security, analysis and understanding of potential opportunities than it did even a few years ago.

The changes that this technology brought to individual analysis processes have been incredibly significant; however, the revolution will really occur once digital cyber inter-connectivity is fully employed.

All of these issues need to be understood and engaged with from an individual level through to a senior management level. This certainly includes those who are not necessarily completely engaged with IT issues, as aspects of this change will affect all individuals, their social engagement and their working and national life, no matter what type of work, research or social life they are part of.

From a strategic and tactical point of view you should imagine all, or even some, of your company’s confidential information being released into public knowledge. How would your customers, clients and employees react?
This type of overwhelming information release would compromise the reliability of your entire business and all current and future opportunities. As organisations of all sizes increase their dependency on information technology, potential technology breaches increase.

Most large commercial organisations have actively incorporated cyber risk management into their business strategy, and within these businesses there is a wider understanding and awareness of the need for an inclusive and holistic cyber security threat analysis.

Damage to or failure of cyber systems from hacking or malware attacks can take down an organisation’s operations, ruin its relationships with clients and customers, and have severe public relations and media coverage consequences.

However, unlike large organisations, small and medium-sized enterprises (SMEs) generally do not regard cyber risk as a strategic component in their business model, despite the fact that cyber risk for SMEs is a real and growing phenomenon.
These attacks affect the confidence of suppliers and employees in current and future business operations. Large organisations have, in most cases, now included cyber security in their management planning. However, unlike the larger examples, most SMEs have not clearly understood or analysed their own cyber risks.
Unfortunately, cyber as a risk is not reducing; in fact, it is a growing invasion of all areas of the commerce, non-profit, charity and government sectors.

SMEs make up over 99% of the UK economy and are usually defined as each having less than 500 employees, many with much less. SMEs have not adequately understood the risks, security issues and implications, or in fact the commercial opportunities that cyber analysis and discussion make available for current business activity and future strategies.

We suggest that CyberSecurity teams are created that include the CIO/IT Director and that regularly report about Cyber directly to the main board of the organisation, so that the board can fully understand and engage with the expanding Cyber security implications, threats and opportunities.

From an operations perspective we propose that independent teams should be used to review and randomly check security processes, procedures, data and market opportunities on an irregular and regular basis.
The security teams would be similar in concept to the Annual Financial Audits that are now legally required of most organisations. The Cyber Security Audit team would be independent of the IT department and its day-to-day operations. It should act as an independent Audit Team on an irregular basis throughout the year, frequently report back to senior management on changes to security and on current and future Cyber plans, and produce current Cyber Security Audit Reports.

In the world of SMEs, most have not clearly understood the risks and security implications, and are often unaware of current cyber attacks on their own business information or attacks on their commercial sector.
They do not train staff to recognise phishing emails and their management tends to think that the whole issue is an IT problem or a Cloud provider issue.

Senior management also often think that they have reduced the problem by using cyber insurance. However, effective cyber insurance for most SMEs does not currently exist: less than four percent of SMEs have effective cyber insurance cover, whereas over half of larger corporates have very effective insurance cover.

Conclusions

Cyber must be put on the agenda of Board Meetings of SMEs, and it should be discussed, with training and analysis implemented across the organisation as an ongoing activity.

GDPR will begin to focus some attention but the Board must be made aware of the risks that this legislation highlights for their organisation.

Most businesses require a Chief Information Security Officer (CISO) either on the Board or directly reporting to it.
In the near future GDPR has a darker side for most organisations, which is called Subject Access Requests (SARs), where members of the general public can ask an organisation what recorded information it holds about them. If enough of these requests come together, this could flood and take down an organisation’s ability to adequately respond, and the organisation will break the GDPR law.

Finally, if your organisation is still using unencrypted USB devices to store EU people’s data, then Articles 32 and 34 of GDPR make it clear that data has to be encrypted to ensure compliance and to avoid expensive fines.

Alfred Rolington - GDPR Advisory Board
