A third of UK companies still failing to improve their cyber security

A recent survey has once again highlighted the urgent need for UK business to take cyber security more seriously. The survey, by Ultima, found that 65 per cent of companies don’t have any security solutions deployed onto their mobile devices, and 68 per cent of companies do not have an awareness programme aimed at employees of all levels to ensure they are cyber aware.

Despite the never-ending stream of organisations and enterprises that have experienced data loss, many companies are still failing to protect their businesses appropriately from cyber-attack. Research by Check Point shows the average enterprise downloads unknown malware every 4 seconds, and yet a third of UK companies, by their own admission, are woefully underprepared for such attacks.

What’s more, they are not educating their employees, who are often the first line of defence with regard to cyber threats. Check Point found that one in five employees will be the cause of a company network breach through either malware or malicious Wi-Fi.

And don’t think your business is immune. Every business is at risk. Consider Sports Direct, which noticed its systems had been compromised in September 2016, but it wasn’t until December that it discovered the data breach – including names, email addresses and phone numbers. Three had 76,373 customers’ information taken, and then there’s the infamous Tesco data breach in 2016, where as many as 20,000 customers had money stolen from their accounts.

Protecting businesses

These companies were able to weather the storm, but for smaller companies such data loss can result in failure. Without the right cyber security in place, your company risks being held to ransom or going bust. Putting the best possible threat prevention tools in place should be a high priority for all boardroom discussions, as the capabilities of decent cyber security increase and its costs continue to fall.

With a rapidly changing IT landscape, systems that were once integrated, dynamic and fit for purpose become tired, archaic and unsupported against cyber-attack. The larger and more geographically dispersed IT gets, the harder it is to maintain visibility and the easier it is for attackers to penetrate. Traditional perimeter IT security controls, such as firewalls, do not protect businesses against all forms of Internet-borne malware threats. To ensure a robust, up-to-date solution is protecting your business 24/7, engaging a managed IT service solutions provider is a good way to protect your business. But there are also three key areas I believe you should be looking to improve:

1. Assurance as a factor of organisational success

Many organisations are facing ever-increasing levels of complexity and ambiguity in managing their Assurance through Governance, Risk and Compliance (GRC) processes. These challenges need to be addressed dynamically and with structure to deliver stability for both the organisation and its customers.

A modern Assurance platform should deliver total governance within the organisation’s business framework and objectives. It will provide a detailed reporting solution for the policy management team and a well-conceived decision support mechanism for higher management when needed. It should deliver continuous risk management across multiple zones within the organisation. Above all it should provide a clear understanding of the risk level that the organisation is facing. 

Selecting the right systems for an effective Assurance process strategy requires some general considerations:

  • Cost efficiency – including the total cost of ownership (TCO) across infrastructure, consultancy, training and management.
  • Vendor reputation – an organisation should choose its GRC partner carefully, based on experience, longevity and demonstrable capability within the organisation’s market.
  • Product Strategy and Vision – a partner should be able to show their long-term strategy and prove that their systems will be able to evolve to fit within the GRC landscape in the medium to long term.
  • Simplicity – most up-to-date GRC platforms will provide an organisation with a clearly defined workflow, strategic management capabilities, pre-defined reporting and mobile-ready interfaces for simplified operation.
  • Integrated Capabilities – modern GRC platforms will integrate policies, controls, risks, assessments and deficiencies across the organisation.
  • Collaborative – modern platforms will also deliver a seamless experience for users across multiple domains and environments, allowing for shared resources and policies.

2. Threat prevention security 

Many organisations believe that the threat prevention tools and strategies that protect their enterprise-scale counterparts are beyond their reach. This is not true. To cater for the growing demand for enterprise-scale security, providers are developing tools that deliver advanced threat protection and prevention while remaining agile, scalable and intuitive for SMEs too.

These systems will allow your business to carry on functioning while automatically maintaining the threat prevention and compliance standards that your customers are demanding.  

3. Visibility is the critical factor in gaining control over your information security management

The growing complexity of business requirements for applications, services and innovation is driving a new approach to security management. Security management systems have traditionally relied upon a mix of manual process change, data silos, sprawling policies and an array of products – often from various vendors – that don’t necessarily communicate with each other. Today’s businesses need security management systems that are fully integrated, supremely agile and totally efficient.

Gaining an instant snapshot at any time of your company’s security position allows a security manager to understand the current risk.  A good dashboard view will provide visibility for devices, configuration, current attacks, exposure to future attacks and non-compliance risks.  It will help all those tasked with any aspects of the company’s security to gain an understanding of possible threats, and give them the ability to deal with those threats appropriately. It will also build a proactive profile of normal behaviours within the organisation, and allow you to automatically respond to strange behaviour or threats.  

I believe that if you address these three key areas and implement a solution that puts control into the hands of managers, giving them confidence in their policies and procedures across their devices, network and data, it will go a long way to preventing cyber-attacks. But you must couple this with the right employee education on how to safeguard their devices from cyber-attack; only then can you be more confident your critical business data will not be lost.

Scott Dodds, CEO, Ultima