Businesses are still failing to ensure they are protecting themselves effectively online, despite the growing number of damaging security threats, a new report from BT has claimed.
The UK phone giant has teamed up with KPMG on a new guide advising businesses on how to stay safe online while facing the complex challenges involved in running a business during this rapidly changing time.
The report says that businesses currently fall into one of five categories according to their level of cyber security preparation: Denial, Worry, False Confidence, Hard Lessons and True Leadership.
And although cyber security issues are increasingly being discussed at board level, these discussions are too infrequent, meaning that many businesses are failing to incorporate security into their wider strategy.
Many companies are also putting themselves at risk of attack due to an overly complex IT architecture, BT warns, with multiple different systems requiring separate levels of protection, especially if the technology deployed is too difficult to use or there’s a lack of integration.
“The global scale of the recent ransomware attacks showed the astonishing speed at which even the most unsophisticated of attacks can spread around the world,” said Mark Hughes, CEO of BT Security.
“Many organisations could have avoided these attacks by maintaining better standards of cyber hygiene and getting the basics right. These global incidents remind us that every business today - from the smallest sole trader through to SMEs and large multinational corporations - needs to get to grips with managing the security of their IT estate, as well as their people and processes.”
To address these risks and gain true leadership in cyber security, the report calls on firms to focus on good governance processes and the proper integration of technologies, and to consider outsourcing some less critical aspects of their security to a trusted partner.
“The recent spate of cyber-attacks is keeping cyber risk at the top of the business agenda, and as such investments are being made,” said David Ferbrache, technical director in KPMG’s cyber security practice. “The business community needs to avoid knee-jerk reactions as cyber security is a journey – not a one-size-fits-all issue, and getting the basics like patching and back-ups right matters. It’s important to build a security culture, raise awareness amongst staff, and remember that security needs to enable business, not prevent it.”
“Cyber threats are evolving and businesses face ruthless criminal entrepreneurs. The solution isn’t jargon-ridden technology silver bullets but one that involves a community effort in a world where business boundaries are vanishing. With criminals getting increasingly creative about finding the weakest link, the CISOs of the future need to care about digital risk, help the business seize opportunities and build cyber resilience.”