Cyber crime is a major threat to any business, large or small, so action to protect against it should be high on the board agenda. Andrew Taylor, CEO of BronzeyeIBRM explains where the main threats originate and how to protect yourself
Risk management is now top of the board agenda with business interruption, reputational damage and cyber crime being the top three concerns. Organisations whatever their size, should know they face highly resourceful criminals and law enforcement agencies that are overwhelmed by the scale of their task.
Information security (includes cyber) begins in the boardroom and directors will be held personally responsible for breaches that could have been avoided.
In the UK, Europe and beyond we are currently living through one of the most uncertain and transformative periods experienced in recent times and businesses are faced with increasingly challenging issues. The construction industry and its suppliers are as at risk as any other and management must ensure they are prepared for massive disruption from all sides.
A concern that is often shelved in favour of other priorities is that of cyber security, but the potential consequences are dangerous to overlook. Experience has shown that companies of all sizes, including those with large networks or small standalone systems, are all at risk.
The use of the internet and communication networks have revolutionised the way that we work, share information and exchange data across a diverse range of organisations. One of the greatest challenges will be that organisations have different levels of competence and as such you must ensure that everything is done to minimise exposure with all necessary checks and protections put in place as well as preparations for the aftermath of any attack.
Cyber security is largely a ‘people’ problem
A recent report by Accenture found that ‘Of those surveyed, a majority (69%) of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months.’ Most people are so busy worrying about a technology silver bullet they completely overlook the weakest link – people. Such errors can be reduced by increasing user awareness and ensuring they understand the implication of their actions through education.
Criminals use whatever tools are available to them to gather intelligence for further exploitation, steal information or money or to create routes to more lucrative targets. Your technology, if you allow it, is merely one of those potential tools. They are looking for vulnerabilities to exploit – even your child’s phone or Facebook account could be used to get to you. Of course, vulnerabilities don’t need to be digital. An open door or a weak procedure is as vulnerable as an unpatched operating system. Criminals will mix and match to exploit whatever gets them there.
Those working on complex projects often provide multi-user access, allowing all stakeholders to access information at the same time. If even unintentionally, details of the project were to be leaked or altered there could be damaging consequences. Even hackers who are not looking to cause physical harm can affect your company; obtaining private, sensitive corporate information, using your system to hop into your client’s systems or even obtaining personal information about your employees.
However, we understand that the technology marketplace is a somewhat confusing space with vendors aplenty offering ‘the answer’ to both managing your business, your precious clients and the resulting enormous amounts of sensitive data that are produced as a consequence. It is no wonder that many organisations rely too heavily on their IT departments or an outsourced IT services supplier for support and advice especially concerning the risks of cyber crime.
This needs to change.
Cyber security is an element of information security. Information security is an element of risk management and risk management must be overseen by the board. The EU’s new data law (GDPR) will take effect in May 2018 (before Brexit) and recent statements from UK legislators and regulators, indicate that this law will either be adopted in full or replicated in UK law.
No matter what the industry, in order to maintain a competitive advantage and uphold your integrity, companies must now be seen to be dealing with cyber security in a proactive manner, reducing vulnerability to clients and suppliers across the board. Everyone needs to feel confident that you are fully prepared with a response plan in place to react in the event of a cyber incident, which now seems to be a matter of when rather than if. Don’t get left behind.
BeCyberSure is a global specialist in information security and helps deliver cyber security protection and education throughout the public and private sector supply chain.
Make cyber security part of the culture.
Andrew Taylor
CEO
BronzeyeIBRM
Please note: this is a commercial profile