The threat of a cyber security attack to UK businesses is an ever-growing risk. As the numbers rise and the frequency quickens, it is becoming more and more essential that each and every organisation across the country invests in a cyber strategy. It is only by applying these processes and guarding against potential breaches that the likelihood of an attack can decline. Statistics from the BIS 2014 Information Security Breaches Survey indicated that 81% of large organisations have experienced a breach in some way, with costs ranging between £600,000 and £1.5m as a result. Two years on, the situation is even more serious.
In 2012, the government released a ‘10 Steps to Cyber’ whitepaper that looked to advise businesses on how best to protect themselves. Four years on, it is understood that two-thirds of the FTSE350 have implemented the advice given, with much of what is included still relevant today. The paper is obviously an important guide to the larger, more established firms, but is it scalable to SMEs, who in 2016 face an equal risk?
The document has been compiled by the CESG, and is regularly updated to give input on the latest cyber security trends. The process begins with the development of an Information Risk Management Regime. You are encouraged to view the protection of your data in the same way you would the legal, regulatory and financial aspects of your business, and secure your information as such. To do this, the government recommends several areas that need addressing, from removable media controls to monitoring and network security, all of which need sharing across your organisation to ensure continuity.
The most recently updated document that the government has produced to complement the 10 Steps whitepaper is called Common Cyber Attacks: Reducing the Impact, and was released in 2016. This particular document takes a more forceful approach, referencing the statistics we have above, and giving a more detailed understanding of who is looking to breach your system. This includes cyber criminals and hacktivists, but also employees, whether by accident or otherwise. By presenting a series of security controls, such as malware protection, password policies and user access parameters, the government is again aiming to highlight what measures can be taken to secure business interests.
It is obviously illuminating that such a large percentage of the illustrious FTSE350 are following the government’s advice and have implemented the supplied regimes. What would be more interesting to know is whether organisations at the lower level take heed. Much of the language used is quite technical, appearing to elevate these forms of protection outside the budget of a smaller business. Although they may seem daunting, the processes that the government are introducing here are easy to implement. With the help of an experienced cyber security company, the appropriate measures can be introduced to companies of any size. The fact is that investing in security is crucial and must be budgeted for.
If you’re an organisation struggling to come to grips with incident management and network perimeter defences, then speak to Digital Pathways today.
We promise to explain the details and help you implement controls that you understand how to monitor, rather than defences you have no idea how to control. Establishing a risk management regime is crucial, but having to create one alone is not.