Today’s security landscape is constantly evolving. Over the last year alone we have seen numerous data breaches, large cyber-attacks and changes in UK legislation when it comes to data security.
One of the biggest challenges organisations face is the ever-changing nature of these threats. While on the one hand it’s clear that businesses and governments need to collaborate to keep pace with the hacker community, it is also clear that businesses are wary of handing over significant amounts of data, particularly when this relates to the security of their systems.
As such, hackers are getting the upper hand by sharing data and resources in a mutually beneficial way to step up the attack on large organisations. With hackers working together to infiltrate businesses networks how can businesses better protect their data and get the upper hand on cybercriminals?
A simple answer is through employee education. Research last year found that over 90 per cent (opens in new tab) of data breaches in the first half of 2014 were a direct result of staff errors; most could have been avoided if the businesses was better equipped to handle and mitigate against security breaches and employees were better educated about how to identify cyber threats.
In this article, Rob Norris, Director of Enterprise & Cyber Security in UK & Ireland at Fujitsu (opens in new tab) looks at the rise of digital services amongst consumers, how this has left organisations wide open to cyber-attacks and how a two pronged approach to cyber safety can help businesses safeguard their business assets.
The case for employee education
It’s unsurprising that businesses are struggling to cope with the rapid changes in today’s threat landscape. Not only are cyber criminals becoming increasingly advanced, but as some businesses are becoming digital first, organisations are becoming exposed to new vulnerabilities and entry points for hackers.
In fact Fujitsu’s Digital Inside Out research (opens in new tab) found that 1 in 4 (25 per cent) consumers will always use digital applications of services when available.
This is where the risk emerges for businesses. Businesses are using and increasingly demanding digital services in the workplace, without understanding 1) the value of their businesses data and 2) how to recognise and protect the business from threats. In fact research launched this week by Fujitsu found that 1 in 4 employees have no idea of the value of business data; only one in ten (7 per cent) rate their business data as more important than their personal information, and nearly a third (30 per cent) agree that they worry more about losing personal data than business data.
While there is no quick fix in changing these perceptions the process needs to start with employee education. While technology has clearly become an enabler for businesses - as remote working increasingly becomes the norm - businesses need to ensure employees are more accountability when it comes to protecting/ handling business data, whether working in the office or remotely.
The case for threat defence
While giving employees the skills they need to become part of the ‘threat defence’ as a means to mitigate against threats that have infiltrated the business – counter measures can be taken to prevent breaches entering the business network. To protect your critical information against a potential breach, there are three key approaches to cyber security that should be considered:
- Knowing what information is important to your business: The first step in protecting your organisation is ensuring you understand what information is most important to the business. Once you have that understanding, it will be much easier to know how you can protect it
- Focus on the threats relevant to your business: While it may sound simple businesses need to be proactive in identifying threats and their impact on the business. By taking things back to a risk-based approach; identifying which threats pose the greater threat and planning for these you will be in a better position to defend and protect your business assets
- Make sure your business has a Security Incident Response process: Once a threat is detected its essential businesses have the ability to respond to this in a well-defined and practiced manner. Effective security controls and trained personnel, coupled with a tested Security Incident Response process are invaluable when faced with a real-life security incident and will save you time and help mitigate against the impact of the threat
There is not a single solution to safeguard your businesses from cyber criminals. Organisations need the people, processes and technologies in place in help them become more proactive in their approach to cyber security.
Being reactive and waiting for incidents and events to happen will ultimately leave businesses on the back foot and increasingly vulnerable to threats.