Risk Assessment will be essential in 2015 as threats look to increase

2014 was an interesting year for cyber security.

High-profile attacks were launched against the likes of Sony and Staples in the US and longstanding vulnerabilities were being exploited.

Slightly more recently, the scale of the issue really came into focus with the news that 19,000 websites in France, ranging from pizza shops to military regiments, were hacked in the aftermath of attacks on the Charlie Hebdo office.

It has become clear that no business, large or small, is immune from these emerging threats.

The age-old cliché that technology is the future has become obsolete and the reality is that technology is the present and businesses operating on the periphery of the tech world will stand still.

As internet-enabled devices proliferate, so too must the means of securing them, meaning that businesses from all walks must wake up to cyber security.

Attacks to increase in 2015

In the year ahead, organisations will have to be extra vigilant, and firms will need to utilise sophisticated end-to-end risk assessment and mitigation tools to counter the threat, with all the signs pointing to aggressive attacks as cyber security comes into focus as a priority at government level.

Cryptoware attacks will almost certainly increase in frequency and complexity in the coming year with financial targets as a primary focal point.

At the same time, we will almost certainly see more state-sponsored and terrorist-driven activity with perhaps industrial control systems being the main target.

The phenomenon that is the Internet of Things will push the issue of cyber security to the forefront of the company agenda.

Despite some notable victories in 2014, law enforcement agents are not likely to win in the longer term without the support and education of businesses and individuals alike.

But, plainly, identifying what risks exist and knowing how to counter them are different.

Countermeasures

There is no silver bullet where cyber security is concerned and it is necessary to balance the risks with the need to function, and excel, in the modern business world.

Yes, you could adopt a reactionary approach to your data, banning all social media at work, for example, and encrypting everything that moves, and make your organisation more secure in the process. The flipside is that you could end up with a clunky organisation that can’t respond to change quickly and frustrates your staff in the process.

Gartner, in its list of top 10 strategically important technology trends for organisations in 2015, identified a need for businesses to adopt a risk-based approach to security and self-protection in the coming year.

According to the analyst house, businesses should recognise that it is not possible to provide a 100 per cent secure environment, calling for a more dynamic and vigilant approach. They have a point.

Risk is the price that businesses must pay to transact efficiently – we need to be connected to others to quickly share and collect information over the Internet, which brings its own security risks. But it’s how you manage, assess and deal with that risk

There is hope when organisations are prepared. We are seeing competent organisations reacting in a much more nimble manner to counter the mounting cyber threats, and would advise others to follow suit.

Rather than trying to stop everything at the boundary of the organisation – which could ultimately render an organisation unworkable – security officers should be monitoring their internal workings more proactively and reacting to attacks in a much more dynamic manner in 2015.

Schemes which enable organisations to identify the necessary skillsets and the competent individuals who hold them are, therefore, crucial.

The manner in which companies address these threats will need to become more advanced – and quickly.

Assessing their capabilities and competencies in all respects is a much more effective way of dealing with the new style of threats and this can be done on an almost routine basis using capability assessment tools.

The battle against the criminals looking for instant/quick wins can be won by competent organisations which utilise appropriate tools and appoint the right person to be their first line of defence.

Richard Pharro is CEO of global accreditation firm APMG.