With technological sophistication continuously developing, a significant reliance on connected devices and an ongoing lack of corporate awareness, cyber-attacks in the modern workplace are more prevalent than ever. Attackers are becoming more judicious, and companies must respond quickly to protect their assets from potentially imminent breaches.
In the UK alone, approximately 2.9 million companies are attacked by cyber criminals annually, with cyber-crime costing an estimated £27bn every year. A lack of cyber security knowledge is an expensive mistake to make – Tesco Bank was fined £16.4m for security failures after a cyber-attack in 2016.
Throughout 2019 and beyond, cyber risk should be high on the business and boardroom agenda. Assessing your own risk is an important first step to mitigating it, and understanding the cyber dangers in your organisation will allow you to tailor your approach to cyber-security investment accordingly.
The purpose of a cyber risk profile is to measure your insurability, and it can help businesses determine how vulnerable they are to cyber-attacks. Companies conduct a traditional risk profile to guide how investments are allocated, and in the same way, a cybersecurity risk profile outlines a company’s known risks, policies and practices to monitor how far you need to go to protect assets and data.
Once you’ve looked at threats and determined your own exposures, an authority on cyber, information security and risk management, like the Information Security Forum (ISF), can help you quantify risk and tackle the extensive security challenges that affect business today.
Typically, many enterprises concentrate primarily on deterring cyber-attacks, but employing a resilience-based approach equips a company, enabling it to adapt to change. The Ponemon Institute released its fourth annual “The Cyber Resilient Organization” report in April this year, including 3,655 IT and security professionals, covering 11 different global markets: the US, Canada, India, Germany, Japan, Brazil, the UK, France, Australia, the Middle East and Southeast Asia. In the study, 960 respondents (26%) were recognised as high performers.
How are these companies accomplishing this heightened level of cyber resilience? To sum up, the high performers have robust response plans in place, they address the skills gap and they have leadership that values these skills and acknowledges the importance of cyber resilience. Finally, these top companies are more likely to participate in threat intelligence and data breach sharing partnerships.
Cyber fears continue to haunt business owners, and the risk often begins within the company.
Although employees are a company’s greatest asset, they are also potentially its greatest risk, and while that has always been true in the area of customer relations, it’s now equally applicable to data security.
More than 25% of cyber attacks involve insiders (intentionally or unintentionally), according to Verizon’s 2018 Data Breach Investigations Report, and the snowballing number of connected devices, together with the growth in remote working, has led to an increase in opportunities for cyber-criminals, making it even more imperative that employees are engaged, encouraged and equipped to spot threats.
How can you protect your business? Human error in cybersecurity is still a leading cause of many data breaches, so education is vital. Organisations need to empower employees to take more personal responsibility for protecting critical and confidential information. Employees need to know the risk their online activities pose and how to manage it, because a lack of awareness, responsibility and accountability simply facilitates cyber-crime.
Engaging staff in the cyber-security discourse allows them to be more alert during early-stage phishing problems, and therefore more likely to report and stop a breach before it happens. Employees need to understand that they are a cyber-crime target, and be invested in recognising and avoiding attacks. Partaking in cyber security exercises will help your employees and business in the following ways:
– Reduce errors
– Enhance security
– Increase compliance
– Protect reputation
– Save time and money
– Maintain peace of mind
Business leaders can improve their ability to handle cyber-attacks by running cyber security exercises, increasing knowledge and reducing the impact should a real cyber-attack occur. ‘Performing cyber security exercises can help organizations improve their ability to detect, investigate and respond to cyber-attacks in a timely and effective manner,’ said Steve Durbin, Managing Director, ISF. The ISF’s ‘Delivering an Effective Cyber Security Exercise’ report was released to ISF members, and provides a detailed overview of suitable cybersecurity exercises, how to deploy them effectively and protect your company.
On account of the introduction of cloud solutions and more advanced technologies, cyber-defence simply has to be a company-wide commitment. Employee engagement, from the bottom right up to the board, is essential for effective cyber-security. It must be viewed as a leadership problem, not just a technical problem, and establishments hoping to develop their cyber-security posture must give staff the right tools, knowledge and resources to protect the company. The board is responsible for governance and oversight of risk, so the development of a strategic framework should fall under their remit. While board members may not be cyber-experts, it’s their knowledge, expertise and general understanding of risk management, coupled with their stewardship, which are essential to nurture a cyber-resilient organisation.
Digitisation brings so much to the business table, but organisations will have to educate and adapt to reap the benefits. Cyber-security risk is still a significant board agenda item that shows no signs of abating, and maintaining resilience in this complex age comes down to the correct blend of people, processes and technology.