Like a slumbering giant, the business world is slowly waking up to the real threat of cyber security. Until now it’s been governments taking virtual pot shots at each other or, in the case of North Korea; Sony Entertainment.
The recent hack suffered by Talk Talk has made it quite clear to businesses, big and small, everyone is fair game. The potential breach of 4 million customer records once again highlighted the need for businesses to take cyber threats seriously because they could come from anywhere. Two of the alleged persons behind the Talk Talk attack carried out on the 21st October 2015 were 15 and 16 years old. Threats aren’t always going to be found in windowless office buildings in the middle of Shanghai or in the Kremlin’s basement. It’s in the bedrooms and living rooms of seemingly every day people with motives varying from boredom to anarchy.
The good news for Talk Talk customers is they posted a job ad for an Information Security Officer the day after the attack…
Ultimately the result is the same – the disruption to businesses and lives, billions wasted as data protection is breached and personal and financial records are scattered across cyber space like confetti in the wind.
Cyber security is not a luxury. It’s a necessity and a requirement. The damage caused by a successful cyber-attack is staggering. It costs the economy an average of £4.2 million per successful attack. The cost to brand and reputation is incalculable. Assuming the loss of business isn’t crippling, it can take years to win back customer trust. It remains to be seen how Talk Talk will weather the storm.
Sony did an admiral job offering free content when the Playstation network was hacked back in 2011 but it wasn’t enough to stop tens of thousands of users from closing their accounts and leaving the brand altogether.
However the near crisis levels of vulnerability goes far beyond not having the right systems in place. According to a recent report by PwC: board members are either vague on the details or have no understanding of the risks cyber-attacks represent or the company’s approach in tackling them. Senior management and company boards need to pay greater attention to what is, without doubt, a business-critical issue. There is a real need to look past a cost that may not have an obvious return on investment and be actively involved in the decision making processes.
It’s no surprise that there’s a correlation between static security budgets and a rise in successful cyber-attacks. Coupled with the roll out of fibre optic broadband and the low cost computer components, cyber-attacks have become more concerted but at no real increase in cost to the hacker.
The solution rests with awareness, education and investment. The latter seems obvious but experts suggest that the best way of counteracting cyber-attacks is to make it financially unviable for hackers to attempt the attack.
The investment comes from hiring the right people with skill sets in automated and integrated intelligence, backed up by skilled teams of penetration testers to ensure the robustness of the system. As the attacks become more sophisticated so must the measures that defeat them. Manual intervention/defence is all but impossible to achieve.
The truth is: we, as businesses, have a legal and moral responsibility to safeguard the data of our staff and customers. The opposition is fierce: we’re going up against sophisticated hackers, some of which are highly organised and push an agenda of a free society or a moral crusade against corporate greed…all the while stealing people’s bank details.
Cyber-security is no longer a luxury, a nice to have or the budgetary sidebar within IT. The Ministry of Defence has made cyber security a tier 1 threat which, in layman’s terms, means it represents the same threat to national security as a terrorist attack.
Experts predict an exponential rise in cyber-attacks in the coming years with SMEs at particular risk due to lack of existing IT infrastructure. However successful attacks against Sony Entertainment, Playstation, Xbox (Microsoft), Talk Talk and the US Federal Government within the last 12 months highlights that enterprise level corporations are just as vulnerable.
A successful cyber security strategy starts with buy-in and investment of the right people in to the right roles. Without this successful cyber-attacks will rise in line with the attempts no matter the size of the company.
If you are a cyber-security or information assurance professional either looking for an exciting new opportunity or have requirements you’d like our support with, we want to hear from you. Register your details or submit your vacancies today and one of our specialist consultants will be in touch.
For more news and top jobs follow us on LinkedIn and like us on Facebook.