Skip to main content

Who is responsible for protecting a business against cybercrime?

Emerging trends within the working environment have many organisations clambering for new ways to ensure that they are safeguarded against any malicious attacks. The introduction of smart phones, tablets and cloud computing have opened up new avenues for cyber criminals to infiltrate an organisation's IT system, leaving many companies vulnerable.

Cyber crime has become extremely sophisticated over the past decade. 10 years ago cyber criminals would have required sophisticated technical capabilities to code their own malware and distribute it. In 2012 hackers can access all the tools that they require online through a managed service, consequently allowing non-technical individuals an easy entry point into the world of cyber crime.

This rise in malware coupled with the proliferation of technology in the working environment signifies the need to rethink security strategies so their business is safeguarded against attack. Even though many businesses agree with this sentiment there seems to be an air of confusion as to who is responsible for cybersecurity within an organisation. Does this fall under the remit of the IT department or senior management?

This responsibility should be shared between both parties, ensuring that the organisation is protected from all sides of the operation. Whilst it is the responsibility of the IT department to implement relevant security protocols, senior management must also ensure that employees are aware and able to identify cyber security threats.

As threats become more sophisticated and frequent, "defence in depth" needs to be considered. This essentially creates a unified barrier against malicious attacks, resulting in the creation of a multi-layered shield around a company's security infrastructure, protecting it and the information it holds at different levels.

Safeguarding sensitive material including customer information is paramount for any organisation, so they must ensure that everyone is not only aware of these threats, but that they have been effectively trained in how to recognise, report and handle such threats.

This approach coupled with the implementation of new, sophisticated security measures such as cloud-based protection will help to create an impenetrable barrier against malicious attacks.

Managing risk and exposure is not something that will happen overnight but is an ongoing, lengthy process and one that is significantly less work and hassle, compared to rebuilding a compromised infrastructure.