Switch on the news, pick up the newspaper, or log onto the internet and you are faced with a story concerning cyber security. News about large-scale hacks and data breaches is making headlines more frequently than ever before, from the infamous WannaCry incident to the recent BA data breach.
Cyber security is no longer an issue the IT department is solely responsible for – it's now an organisation-wide priority. And it's not just the financial element of cyber crime, which costs businesses about $600 billion globally, according to one estimate. It's also the damage to an organisation's reputation when it emerges that it has been hacked, or lost customer data.
The sheer number of cyber threats can seem overwhelming, even for businesses with large IT departments. But with planning, clear thinking and the right technology, all businesses can improve their IT security and mitigate the cyber threat.
Not all attacks are obvious
Approximately 19% of attacks are carried out by advanced hackers supported by the state or those involved in corporate espionage. Unless you are a large organisation, they are unlikely to target you. The other eighty per cent of attacks are perpetrated by hackers who simply use known vulnerabilities to exploit the weaknesses in company systems.
Another misconception is that attacks or breaches are noticed immediately. British Airways experienced a cyber attack in August this year, but it took them over two weeks to notice that their customers' card payment details had been compromised. It takes companies 191 days on average to find a data breach, according to global research published in 2017.
It is almost inevitable that businesses will face a cyber attack at some point, which means cyber security is more about mitigating your risks than eliminating them.
Use a risk-based approach
• Start by reviewing your IT systems and looking for possible vulnerabilities that hackers or a rogue employee could exploit – an unpatched operating system, or a worker's smartphone containing sensitive commercial data.
• Next, assess the severity of the security threat (i.e. the damage it would cause your business if security was breached). One proven method for assessing IT security is a “risk-based” approach (an in-depth assessment of your IT risks and how to deal with them). Work out how to fix the problem or decrease the security risk.
• Review your IT security, ideally each year, and train your staff in cyber security – not just those in IT. If your business lacks the budget or skills and experience to do all these things, outsourcing part of the work could save you time and money.
• If you work with a trusted partner you can benefit from their industry knowledge, in-house skills and the large investment they have made in all areas of their business.
Look to the future
As cyber threats multiply and become more advanced, corporate IT security budgets are likely to carry on increasing. The global cyber security market accounted for $95.15 billion in 2017 and is expected to reach $365.26 billion by 2026.
The number of attacks is also likely to increase due to demand for “crime-as-a-service” (hackers for hire who can write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials).
We will also see a shift in the devices that are being targeted. While today most attacks revolve around PCs and laptops, this will slowly change to mobile phones, where users typically hold a huge amount of personal data and information.
The emergence of technologies like AI, machine learning and IoT will undoubtedly change the landscape in new and unpredictable ways, and this is something you need to keep in mind when creating cyber security strategies.