Sounds like a bad joke, doesn’t it? But the answer is simple and no laughing matter: their understanding of the value of digital data belonging to other people. So it follows that to tackle cyber security, organisations must firstly understand their own data – to determine what they care about most and to understand the ever mutating nature of the risk. From this they can make sensible judgements and allocate the adequate budget to secure their networks.
New Kids on the Block
You could almost look back fondly now at the good old days when the threat was from amateur, often individual criminals. Looking at worst to cause embarrassment with service disruption or theft of IP. But the threat has increased exponentially in recent years.
Organised crime groups, often in league with corrupt states, have become the new disrupters. They have refined their skills to get inside an organisation’s networks. And can work out which data to monetise and how, often bringing business to a grinding halt and causing irreparable damage to brand in the process.
Orchestral Manoeuvres in the Dark
Predominantly it’s all about the money. But criminal fraternities care not if their illicit financial gain comes with a side order of unintended disruptive anarchy. The very public attack on UK health services in 2017 left us in no doubt of the cruel humour of this new invader.
A whole market has emerged in the supply of malware and cyber-crime services to the criminal consumer. And in recent times we’ve seen the emergence of political motive. These attacks demonstrating blatant disregard for the consequential damage to industry and populations elsewhere.
With the arrival of the new GDPR legislation in 2018, organisations should be compelled to review their cyber security provision. And with the governance, vigour and investment traditionally invested in areas like compliance.
Demand now is for bespoke, multi-layered security models including better threat intelligence, secure configuration and network security, and malware prevention to cover the full threat scale from prevention to mitigation.
What should organisations be doing about cyber security?
In very simple terms, there are three things you can do to protect your organisation and data against cyber-attack:
- Educate your staff – in how to be cyber aware and password etiquette. Yes, machine learning and Artificial Intelligence (AI) are already making cyber security more effective and efficient. But people cannot yet be completely relieved of the responsibility. Everybody must be vigilant, not just those working in IT.
- Bake security in from the start – so often viewed as a barrier to growth or innovation, security should be part of the development process. Systems must be designed with cyber security at the forefront and not considered as an inconvenient afterthought.
- Change your mindset – organisations that adopt a tailored, blended security posture will gain a huge competitive advantage over those with a ‘one size fits all’ approach. Recognise that you may need help from dedicated external security professionals to achieve this. Cyber security is now a recognised specialism and you would be unwise to assume your IT population are equipped with the right skills.
Well considered and implemented cyber security is becoming a differentiator. Get the right measures in place. Keep up necessary patching. Stay alert to the latest threats and you’ll avoid becoming the next victim of reputational damage, data loss or other destructive network attacks.
Organisations will need networks capable of meeting the increasing security demands as the threat landscape continually evolves with criminal sophistication.
Find out more
We work with leading security partners and are ready to discuss measures you can take to minimise the risk to your organisation. We can help you to design and build better and more secure systems for the future.