IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

Talking to the spooks about cyber security

Inside the enterprise: Government agency GCHQ is the latest to lend its weight to a cyber security campaign.

Security guards with sunglasses

The dangers to businesses of a cyber attack are all too real. Cybercrime is no longer just about teenage hacking, but a well-organised activity focused on financial gain.

For a large quoted company, the damage caused by an advanced attack can cost more than 100m, and wipe 12 per cent of its stock market value, according to figures from management consultants PA Consulting Group.

A separate study by Norton, a division of security software company Symantec, puts the worldwide cost of cybercrime at US$110bn (70bn), if malware and phishing attacks are taken into account.

Against this backdrop, governments worldwide are scrambling to boost their cybercrime and cyber attack defences.

In the UK, the 2010 Strategic Defence Review increased resources for fighting cyber warfare, and defending against cyber attacks is now considered as important as military programmes.

But governments are also starting to look more deeply at how cyber attacks and cybercrime can affect business. Protecting government and military assets is no longer enough. Critical national infrastructure such as power grids and transportation are in private hands. And attacks that create disruption to a large company, are bound to disrupt the wider economy.

So this week, the Department of Business, Innovation and Skills teamed up with the Government's electronic intelligence agency, GCHQ, to provide new guidance to business about defending themselves from cyber attacks.

National cyber security agencies, or CERTS, have issued guidance to businesses before. But GCHQ, through its information security arm CESG, is specifically targeting senior executives and boards.

The new advice will help companies identify their critical information assets and to understand the risks they face, at both a technical and financial level.

The agency will also issue an "Executive Companion" that will look at risk management and corporate governance, and a third briefing, covering 10 critical areas of cyber protection and prevention and deterrence of attacks.

The Government hopes the guidance will convince boards to take cybercrime and cyber threats more seriously, and will improve co-operation, both between Government and business, and between businesses themselves.

This makes sense, because when it comes to critical national infrastructure and economic assets, businesses and the public sector are interlinked: an attack on one sector is increasingly likely to damage the others.

Whether guidance from GCHQ or even a prospect of a friendly chat over tea and biscuits with the spooks will be enough to convince boards to act remains an open question. IT departments have been warning about the cyber attack risk for years, but not all boards take the threat seriously.

"The scale of the risk deserves to be managed at board level within companies, yet typically it isn't - or not at least until after a major attack has been discovered, when the cost of resolving the problem becomes much greater than it would have been had adequate protection measures been in place," warned Ed Savage, a security expert at PA Consulting.

"Taking proactive action is a better strategy than battening down the hatches and hoping to avoid it." But that, of course, means spending money.

Stephen Pritchard is a contributing editor at IT Pro

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The Total Economic Impact™ of Mimecast
Whitepaper

The Total Economic Impact™ of Mimecast

25 Apr 2022
The Total Economic Impact™ of Mimecast
Whitepaper

The Total Economic Impact™ of Mimecast

25 Apr 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022