Are companies paying enough attention to cybersecurity?

Naïvety towards data loss threats could do serious damage to UK businesses

Technology has become fundamental to business success. Not only does it assist employees in their roles and help create efficiencies for internal operations, it is also essential for offering customer-facing solutions. As a result, cyber security needs are also rapidly changing.

It is no longer enough to invest in just physical security strategies. While a break-in at your business premises can be devastating, far more damage can be wrought by criminals bypassing your IT security. Once in, they can access valuable business or user data that, if stolen or leaked, can prove fatal for a company.

The general consensus is that cybercrime is on the rise. According to Action Fraud and Get Safe Online, UK firms have seen a 22% increase in cyber attacks over the past year, with reported losses exceeding 1 billion. The year also saw some of the worst data breaches in industry history, including Yahoo and DailyMotion, resulting in the loss of billions of user records.

This is a concerning trend, and there are calls for businesses to do more to protect the data they hold. The unfortunate truth is that implementing cyber strategies is difficult. They are often time-consuming and can be incredibly costly, but there are many voices saying that firms ought to be taking cybercrime seriously.

The cost of cybercrime

PwC, a multinational professional services network, has conducted a significant volume of research into business cyber security practices, and has found a number of worrying trends. For example, while some UK companies demonstrate an interest in new cyber security methods, there are still far too many firms that are naïve to cyber threats. As much as 18% of businesses aren't aware of the number of cyber attacks they've had over the past year, in spite of the fact that the average cost of incidents is around 2.6 million.

Richard Horne, cybersecurity partner at PwC, says there are a lot of companies that don't understand the seriousness of cyber attacks and in many cases believe cybercrime is something that won't affect them. This means when a situation does occur, they don't have the resources to be able to prevent damage, causing repercussions for future growth.

"Many organisations just don't realise how vulnerable they are. They remain in the mindset of thinking that a cyberattack just won't happen to them, but realistically we're now in a 'when not if' situation. As a result, these businesses haven't got the right crisis planning, readiness and response in place for when the inevitable does happen," he says.

"In moving towards becoming digital organisations over the last decade, many companies now don't fully understand where their data lies, what it holds and what's critical. It's also hard to know what third parties they rely on to keep their critical data and processes secure, from outsourcers to partners and staff or even clients. As many of these digitisation programs were designed without security in mind, it's common that they're now open to manipulation."

Horne insists on the importance of having the right cybersecurity practices in place, covering all aspects of a business. He says companies should consider this at every step of the decision-making process. "Cybersecurity is far more than just building security controls; it's about changing your organisation to be securable," he tells IT Pro.

"That requires all aspects of a business to be engaged, tough decisions at board level, and embedding consideration of cybersecurity risk in all decision-making processes. It's not just about having more budget to buy more technology to patch cybersecurity holes. UK organisations need to take a more strategic approach to how they spend their budgets to start to see a real uptick in [their] security posture."

Be prepared and develop strategies

Preparation is essential when dealing with cybersecurity threats. If companies don't have suitable protections in place, then the damage can be much worse. Anton Grashion, EMEA senior director of product marketing at American software firm Cylance, says businesses spend too much time chasing and trying to patch up attacks after they happen.

"When it comes to protecting your organisation, prevention and preparation are the best medicine. Once a breach takes place, the business cost and business risks go up exponentially, with every second of delay resulting in further harm. IT staff are often forced to drop everything to initiate a lengthy chain of discovery, analysis, verification and remediation whilst in crisis. As time ticks by, the damage continues and costs mount," he says.

"It's a reasonable question to ask why the situation doesn't seem to improve; as the industry becomes more connected, malicious actors take advantage of the vulnerabilities created by the gap between IT security and operations. What organisations are not doing very well is preventing attacks. They're spending time and resources chasing [them] into the network at which point their data has already been compromised. The balance has shifted too far from prevention to detection and remediation and it's a balance that's needed."

He adds that firms need to spend time and money creating an efficient strategy that can help them fight cyber criminals. "A pre-execution strategy is the first step in building an effective security portfolio. Identifying malicious applications before they get a chance to execute helps limit security management costs and system performance overhead," he says.

Innovating to fight cybercrime

Automation is transforming a plethora of industries, but it can also help companies fight cybercrime. Jes Breslaw, director of strategy at data virtualisation firm Delphix, says automated processes can simplify and speed up complex, time-consuming cybersecurity approaches. In particular, automation can provide data masking, a way of organising company data.

"The process of masking both production and test data has traditionally been an expensive and complex task. That means companies have found it particularly difficult to limit the risk to brand reputation and unexpected fraud or identity theft, when data has fallen into the wrong hands," he says.

"Overcoming this barrier means considering technologies that automate data masking at scale. Using data virtualisation, companies can mask data once and then ensure all subsequent copies have the same protective policies applied. This approach holds significant benefits when considering the impending EU GDPR, which is a growing security concern.

"Had the GDPR been in operation when the TalkTalk breach happened, the company's fine could have been in the region of 70 million, based on 4% of its annual worldwide turnover. As such, taking steps to drive greater visibility and standardisation into processes such as data masking, will be paramount to future proof business against both cost and compliance implications in the coming year."

Technology is always advancing and more firms are investing in new innovation and developing data-centric processes. With this in mind, it's easy to assume cybercrime is going to disappear overnight. In fact, it is only likely to get worse. Companies need to start taking it seriously now, or they could face harsh consequences.
