Prioritising policies: how business can avoid becoming cyber-complacent

The rapid development of new communication technologies and online tools has led to more of us being more connected, around the clock. Our lives and businesses are in many ways intertwined, with so many workers and consumers relying on personal or sensitive information to access the services they need. And while the technology boom in recent years – from cloud storage to IoT devices – has brought down barriers and allowed businesses to flourish on a global scale, it has simultaneously further exposed corporate and customer data. As a result, there is now an even greater onus on organisations to implement effective security protocols, with a lot more at stake than just financial results.

Worryingly, 2019 UK government statistics reveal that less than a third of businesses (31 per cent) and charities (32 per cent) have carried out a cybersecurity risk assessment in the last 12 months, showing that there is huge room for improvement to ensure the right processes are put in place to protect information consistently. A recent study even revealed that nearly two-thirds (65 per cent) of IT security decision-makers believe their organisation is complacent about protecting its customers’ data.

Sophisticated cyberthreats, coupled with a knowledge gap in the IT industry, offer reasons but not excuses for why this apparent ‘cyber-complacency’ may be happening – but growing risks demonstrate that this complacency cannot continue. As the cyberthreat landscape continues to widen and cybercriminals become more skilled at manipulating others’ personal data for their own gain, implementing effective policies and security solutions will be imperative to companies preventing and responding to data breaches.

The importance of implementing effective policies

In modern business, collecting and utilising customer data has become fundamental to achieving success. Personalised email campaigns, for instance, have transformed how marketers communicate with their target audiences. There is great scope for what data can enable organisations to achieve, but it is recommended that they err on the side of caution. Vigilance over data protection and cybersecurity policies will pay off in the long term.

Cyber-incidents involving the likes of British Airways, Facebook and Marriott all spring to mind, with regulators handing out substantial fines as punishment. The wave of breaches during the last decade in particular has shaken customer confidence, and made consumers more aware of how and where they are sharing data.

Despite the inherent risks of being complacent with customer data, many IT security decision-makers are failing to implement effective measures to protect it from cyberattacks. For instance, more than half (57 per cent) of businesses do not currently have a cybersecurity policy in place – rising to more than two-thirds (71 per cent) of medium-sized businesses (250 to 549 employees). Protocols that are unfortunately not being implemented as widely as they should be include information security policies, incident response (IR) policies and disaster recovery policies. In addition, just four-in-ten (41 per cent) businesses surveyed believe their organisation is protected with robust endpoint security.

Staying on top of data protection

Harnessing data effectively creates opportunities and drives further growth. But organisations need to stay on top of keeping it secure, as there is a consensus amongst cybersecurity professionals that a cyberattack is always just around the corner in their business. A study has revealed that 84 per cent of chief information security officers believe a cyberattack is inevitable.

This feeling has been put down to the digital, always-online culture that businesses rely on to operate successfully and meet customer needs. So, considering that cyberthreats are now not a matter of ‘if’ but ‘when’, it has become an imperative to properly protect data.

However, the concerns over complacency and the inevitability of an attack can easily be remedied. Though cyberthreats are constantly evolving to break through security solutions, regular assessments are one of the simplest yet most effective ways to stay on top and adopt crucial prevention techniques. IT decision-makers will have more confidence in policies that are up to date, whilst their chances of spotting and foiling an attack that may well breach a company’s customer data will be improved.

Avoiding cyber-complacency

If businesses can ensure their cyber-safety now, this will have a substantial impact on their future – helping them mitigate the risk of compromising sensitive information and suffering data breaches. Running regular in-depth analysis of a company’s cybersecurity approach and systems alongside a strong, robust endpoint security solution is an effective way of doing this. For instance, it’s important for businesses to carry out assessments every six months so that company security protocols are always up to date to deal with the latest cyberthreats.

Of course, cost and ROI are important factors when budgeting in any department, but investment in cybersecurity protection and policies often outweighs the potential losses a data breach could incur. What’s more, financial penalties from regulators and a dip in customer confidence could well cripple any organisation. With the seemingly limitless possibilities new technologies offer businesses, prioritised expenditure in cyber-protection is a relatively small price to pay. While companies need to manage their resources carefully, there is software that can ensure any in-house cybersecurity expert is given the support they require.

By introducing defined cybersecurity policies, regular risk assessments and training courses, along with proven services and solutions, businesses must build a strong foundation in order to protect their valuable customer data – in 2020 and beyond.

David Emm, Principal Security Researcher, Kaspersky

David Emm is Principal Security Researcher at Kaspersky Lab.