Cybersecurity in the headlines. Again…
Survey findings reveal lack of cybersecurity awareness in the UK
Compared to many other countries, the UK has been shamefully slow in developing its own core cyber security industry.
Last week, the government published its Cyber Security Breaches Survey 2016, with such findings as “Senior Managers in larger companies feel they have devolved responsibility for cyber security to external contractors and so no longer need to concern themselves with it internally” drawing our particular attention. The UK’s digital economy is growing ever stronger; British consumers are the biggest Internet shoppers in Europe, so more and more businesses are using the Internet to do business and find new customers. And around half of those UK businesses use some sort of externally-hosted web service.
The survey reports that a quarter of businesses confess that their senior managers are never given an update on any actions taken around cyber security. But it’s such an important and rapidly-evolving issue that, this far down the line, it needs to be integrated into business strategy. Spending on cyber security is driven by business need, and a great many companies are unaware how badly they need it. There’s nothing like a damaging cyber attack as a catalyst for investment, and you’re constantly at risk, such as when working with third parties, outsourcing or letting employees use personally-owned devices (which 45% of companies do). When you do outsource, cyber security is often a bolt-on part of the maintenance package too, or the decision to hire one over another is based on trust from an existing relationship, rather than on their cyber security credentials. It’s also very common to find businesses that don’t bother to restrict access to privileged accounts. These privileged accounts are what hackers look for once past the perimeter, which is why Wallix’s WAB suite is such a vital investment: the WAB suite protects these privileged accounts from attacks from both outside and within, and lets you control, monitor and record administrator sessions across multiple crucial systems, so you always know who’s looking at and doing what.
The real cost of cyberattacks…
Cyber security is still not generally considered by many to be an IT compliance issue, but it will be before long. It’s something we need to learn and get better at, at all levels, because businesses today hold a lot of sensitive commercial and diverse customer data. As the survey shows, too many of these believe that there wouldn’t be any major consequences from losing data, certainly none that the business couldn’t rebound from. But there are thousands of companies suffering financial loss, disruption, and theft of intellectual property as a result of cyber crime. 65% of large companies detected a cyber security breach or attack in their past, with £3m being the most costly breach identified in the survey, yet it’s an issue that lots of people, including those at high levels, are still reluctant to talk about due to damage to their brand reputation.
Could your business withstand a £3m breach? If your systems were hacked and all of your sensitive data compromised because of outdated security policies, how would you explain that to the shareholders and/or investors? A quarter of all businesses detected one or more cyber security breaches in the last 12 months and, as time goes on, clients won’t appreciate companies who remain tight-lipped on topics they keep seeing crop up in scandalous front page articles every week. 69% of businesses say that cyber security is a high priority for senior managers, but only half have attempted to identify the cyber security risks faced by their organisation, e.g. through health checks, audits or risk assessments, and only 29% have formal written cyber security policies. How quickly would cyber security become a priority for your business if your network was breached and your CEO or MD had to appear on the News at 10 to explain why?
Where you stand…
There is still a lot of work to be done and businesses need to change their behaviour. We continue to witness a steady stream of cyber attacks on firms that assume they have the best security but still don’t have a proper understanding of the possible impact on their business, or what they should do about it. Only 17% of businesses have sent their staff to some form of cyber security training in the last year, but cyber crime is evolving so much faster than that. Aside from the monetary aspect, many businesses are also hesitant to ‘upset the apple cart’ of their friendly staff culture by imposing new rules and policing employees, which is another reason so many businesses trust Wallix’s WAB Suite to deliver privileged access management. It’s all-seeing and trustworthy, specifically designed to cover all of the risks associated with access privileges without interfering with your daily activities.
Another disturbing finding in the survey was the overwhelming majority of businesses who, whether they are aware or not, are not insured specifically against cyber security breaches. In fact, only 3 in 10 have policies that cover personally-owned devices, and only 6 in 10 have policies that actually cover cloud computing. Lack of awareness, up-to-date advice and easily-available government and UK PLC information might explain why some businesses appear so clueless at the moment – there’s plenty of chatter about their complacency surrounding generating awareness and support re: cyber security. The UK government may be building plans to help businesses best deal with cyber attacks, but why wait any longer for them to catch up when it’s you who suffers the consequences?
Follow us as we continue to report on how can help companies through the complexity of managing internal threats and operational compliance.