A recent survey has once again highlighted the urgent need for UK business to take cyber security more seriously. The survey, by Ultima, found that 65 percent of companies don’t have any security solutions deployed onto their mobile devices, and 68 percent of companies do not have an awareness programme aimed at employees of all levels to ensure they are cyber aware.
Despite the never-ending stream of organisations and enterprises that have experienced data loss, many companies are still failing to protect their businesses appropriately from cyber-attack. Research by Check Point shows the average enterprise downloads unknown malware every 4 seconds, and yet a third of UK companies are, by their own admission, woefully underprepared for such attacks. What’s more, they are not educating their employees, who are often the first line of defence against cyber threats. Check Point found that one in five employees will be the cause of a company network breach through either malware or malicious Wi-Fi.
And don’t think your business is immune. Every business is at risk. Consider Sports Direct, which noticed its systems had been compromised in September 2016 but did not discover the data breach, including names, email addresses and phone numbers, until December. Three had 76,373 customers’ information taken, and then there’s the infamous Tesco data breach in 2016, where as many as 20,000 customers had money stolen from their accounts.
These companies were able to weather the storm, but for smaller companies such data loss can result in failure. Without the right cyber security in place, your company risks being held to ransom or going bust. Putting the best possible threat prevention tools in place should be a high priority in all boardroom discussions, as capabilities increase and the costs of decent cyber security continue to fall.
With a rapidly changing IT landscape, systems that were once integrated, dynamic and fit for purpose become tired, archaic and unsupported, leaving them exposed to cyber-attack. The larger and more geographically dispersed IT gets, the harder it is to maintain visibility and the easier it is for attackers to penetrate. Traditional perimeter IT security controls, such as firewalls, do not protect businesses against all forms of Internet-borne malware threats. Engaging a managed IT service solutions provider is a good way to ensure a robust, up-to-date solution is protecting your business 24/7. But there are also three key areas I believe you should be looking to improve:
1. Assurance as a factor of organisational success
Many organisations are facing ever-increasing levels of complexity and ambiguity in managing their Assurance through Governance, Risk and Compliance (GRC) processes. These challenges need to be addressed dynamically and with structure to deliver stability for both the organisation and its customers.
A modern Assurance platform should deliver total governance within the organisation’s business framework and objectives. It will provide a detailed reporting solution for the policy management team and a well-conceived decision support mechanism for higher management when needed. It should deliver continuous risk management across multiple zones within the organisation. Above all it should provide a clear understanding of the risk level that the organisation is facing.
Selecting the right systems for an effective Assurance process strategy requires some general considerations:
- Cost efficiency – including the total cost of ownership (TCO) across infrastructure, consultancy, training and management.
- Vendor reputation – an organisation should choose its GRC partner carefully, based on experience, longevity and demonstrable capability within the organisation’s market.
- Product Strategy and Vision – a partner should be able to show their long-term strategy and prove that their systems will be able to evolve to fit within the GRC landscape in the medium to long term.
- Simplicity – most up-to-date GRC platforms will provide an organisation with a clearly defined workflow, strategic management capabilities, pre-defined reporting and mobile-ready interfaces for simplified operation.
- Integrated Capabilities – modern GRC platforms will integrate policies, controls, risks, assessments and deficiencies across the organisation.
- Collaborative – modern platforms will also deliver a seamless experience for users across multiple domains and environments, allowing for shared resources and policies.
2. Threat prevention security
Many organisations believe that the threat prevention tools and strategies that protect their enterprise-scale counterparts are beyond their reach. This is not true. To cater for the growing demand for enterprise-scale security, providers are developing tools that deliver advanced threat protection and prevention while remaining agile, scalable and intuitive for SMEs too. These systems will allow your business to carry on functioning while automatically maintaining the threat prevention and compliance standards that your customers are demanding.