Cyber security is one of the dominant issues faced by business and government.
Stories of huge data breaches and the subsequent financial losses that follow often appear in the media, leading to damaged reputations, reduced consumer confidence and knee-jerk responses.
The way the issue is presented by both the media and cyber industry is often alarmist, with the facts confused by buzzwords and hyperbole.
Scary headlines sell newspapers and generate clicks for online articles, but what is the security companies’ excuse?
They know that fear may scare victims into opting for their often very expensive products, which promise to be the much sought-after silver bullet in reality, there is no one wonder fix for cyber security.
Organisations need to implement their security measures systemically and effectively, spending money only where it is necessary and not where it isn’t.
Safeguarding data and systems doesn’t need to be expensive. The simple introduction of basic accreditations such as Cyber Essentials, or basic maturity models, plays a major role in reducing the threat.
The education of employees and the introduction of a cyber-aware culture will cause the number of incidents to fall sharply.
It is a process that one cannot and should not be panicked into. However, this doesn’t mean that businesses should just wait for an incident to happen before doing anything, either.
Under new legislation, organisations face huge fines from government bodies for not having adequate defences in place to protect their own data and those that they hold for others.
The outcome of Brexit negotiations will not affect the need to comply with new EU regulations.
All organisations that handle sensitive data must prepare for them, since last-minute rushes will be expensive and inadequate.
ONS figures show scale of cybercrime
According to figures released in July by the Office for National Statistics, cybercrime now accounts for 40 per cent of all crime recorded in the UK.
Of the six million cyber-security breaches recorded, two million were the result of computer misuse. This ranged from people opening emails infected with malware to people looking at rogue websites and having their machine infected.
This huge figure of misuse is easily eliminated.
It’s all about people
The most effective way of reducing risk is to develop a cyber-aware culture that runs right the way through an organisation.
From the chief executive to the intern, an organisation’s workforce is often cited as the weakest link when it comes to cyber-attacks. In many incidents, malware infects an organisation’s systems via an email accidently opened by a member of staff, or by someone clicking on a link that downloads and inflicts something nasty on to their businesses networks.
To avoid incidents like this, an organisation should invest in cyber-awareness training for its employees and supply chain partners. Education can teach employees the signs of phishing and spear phishing emails, as well as helping people to understand social engineering and how social media can be a route into an organisation for criminals. If everyone in the company knows what to look for and what to avoid, the chances of a breach will fall sharply.
By taking a measured approach to implementing cyber security, an organisation can gradually reduce the threat without causing huge disruption to its operations and balance sheets.
It’s best to take action now rather than delay until a time when costs and effects are outside your control.
This measured approach will also reduce the impact on your workforce and productivity.
If an organisation does suffer a breach and does not have effective cyber security in place, the effects can be extremely debilitating, especially in the case of small or medium-sized enterprises.
Mitigate the cyber threat
PGI helps organisations to implement a cyber-aware culture every step of the way.
We can assist in attaining certifications from Cyber Essentials through to ISO 27001, and deliver cyberawareness training that will be of great assistance in implementing a cyberaware culture and significantly reducing the risk of attack.
Incident response plans are the first step in mitigating this risk.
These plans should consider the current threat intelligence and have a solid understanding of the attackers that threaten organisations.
An incident response plan should outline who is responsible for each area that is likely to be involved in a security breach; what steps they should take in this event; what resources they can call on (including external consultants); and whom they should communicate with.
It will list the possible types of attack and how best to identify, contain and eradicate these, and how to recover from them with as little impact on business as possible.
Incident classification and severity ratings give a basis for a manageable set of procedures to handle security breaches.
Protective Monitoring services ensure that your organisation has an early warning system in place. Experts keep an eye on your systems and warn of any attempted breaches.
The main benefit of this is that it lets you focus on your business operations.
PGI aims to close the skills gap
People wanting employment within the sector are looking for practical training; and organisations need employees with the right skills. PGI aims to be a major contributor in the struggle to close the skills gap.
At our state-of-the-art Cyber Academy, based in Bristol, we provide an immersive technical environment to educate people to become the next generation of cyber-security professionals. The academy offers the most sophisticated training on the market in techniques for cyber defence, cyber-threat intelligence analysis and organisational leadership roles, with training delivered both on- and offsite.
From the basic theory to the advanced techniques taught in our Advanced Threat Methodology and Digital Forensics courses, we can educate someone through every stage of their cyber-skills development to externally certified recognised standards.
By investing in the training of their staff, businesses can ensure they have the right people in place to tackle any security issues that may arise in the future. In short, spend a little now to save a lot when disaster strikes.
*This article was first published in the New Statesman