Every week we see new headlines about the latest malware and new types of cyber threats, engineered to cause disruption to organisations across the globe.
Cyber-headlines have become so common that they’re boring, and more exciting news stories soon distract us. Although some are targeted, most cyber-attacks aren’t personal or even that well thought out. But as the problem continues to grow, we find ourselves discussing cyber security strategies in the same light as health and safety policies – it’s a job very few people are interested in and the responsibility gets passed around the workforce or, worse still, ignored altogether.
According to recent predictions, cyber-crime damages are due to hit in excess of 4.5 trillion pounds per year by 2021. What is astounding is that the figure dwarfs the profit made in the global trade of all major illegal drugs combined! I think it’s become such a lucrative underworld because it is so hard to effectively police. There are 3.8 billion internet users surfing 1.2 billion websites right now!
I talk to all kinds of small to mid-size business owners and IT Managers, and it’s easy to see how we feel a long way from the headline cyber-breaches on the likes of Yahoo and the NHS. People are generally aware that cyber-security is something to be taken seriously and when advised to consider it, sensible policies and practices are put in place. It’s good to see that, in a lot of cases, it’s no longer the ‘elephant in the room’ and it creeps its way onto the board-room agenda. Maybe that’s overly positive though, as I’ve just read a report which tells me two thirds of small businesses still don’t think they are vulnerable.
People still click on phishing emails. Whether through curiosity, ignorance or malice, it’s the most common point of intrusion. With an average of 200,000 new known threats emerging every day, it can easily seem like an impossible fight against the inevitable.
My opinion is that a structured and simple review process needs to be formed to suit your business. The more you can simplify this framework, the more likely it will get upheld on a regular basis.
As well as providing assurance that your infrastructure continues to provide adequate threat prevention, the review also needs to include disaster recovery planning, cyber-insurance reviews, cyber-awareness training and reporting. The systematic review of these strategic components will also simplify the implementation of any required changes (for example, with GDPR compliance).
In summary, in my daily life of IT consultancy, I’m as often pleasantly surprised by the proactive approach of an organisation as I am dumbfounded by the ignorance of another. I appreciate that it needs to be kept simple and approachable, but with a regular review process in place, you will be safer and more resilient against the ever-growing threat.
by Ollie Jackman – Taurus IT Consultant