No matter how small or large your organisation is, having a cybersecurity strategy is more crucial than ever. A survey1 conducted by the Department for Digital, Culture, Media and Sport this year showed that 32% of businesses identified a cyber-attack or breach within the last 12 months. When you start taking cyber security seriously for your institution, you’ll be able to analyse and address company security as a whole.
The reported average annual cost for businesses that lost data or assets after a breach was £4,180. On top of this cost was the added expense of putting new measures in place after an attack to prevent future attacks. With poor planning being a key factor, if you fail to prepare, you prepare to fail! However, the businesses which have increased planning and defence against cyber-attacks have seen fewer attacks overcoming their internal systems.
If you’ve been operating for many years without any security issues, you may be thinking, “Why does my organisation need a cybersecurity strategy? My company’s never going to fall victim to one of those ‘cyber-attacks’!” Without the right cybersecurity strategy and defence in place, it is more than likely that you will someday, as attacks have become increasingly sophisticated and data and systems have become more integrated.
To tackle the cyber threat that all organisations face today, decision makers within a business must ensure they have an integrated cyber security strategy in place which is specific to the organisation. This will need to address technical cyber risks, as well as policies and the people within the organisation who may pose cyber risk.
Here are the 5 main reasons your company needs a cybersecurity strategy:
1. Increasing number and severity of cyber-attacks across every industry
Cyber-attacks are growing and becoming more disruptive to businesses, and the situation is only going from bad to worse as hackers find new methods of attack. Attacks are increasing in all industries, with a recent study2 establishing that the retail industry is most at risk from cyber-attacks through social engineering methods.
89% of health care organisations have also experienced a data breach in the past 2 years, even though security measures had been put in place. This is due to web applications connected to critical healthcare information being vulnerable to cyber-attacks.
The threat is just as high for small businesses in almost every industry. 43% of cyber-attacks target small businesses (Small Business Trends, 2018)4, a problem too big for small business owners to ignore. Studies conducted by Hiscox5 revealed that “cyber breaches cost the average small business £25,700 in basic ‘clear up’ costs every year”.
Therefore, it is important to address your company’s cyber risk and define a strategy, as more organisations are using online and cloud-based applications. With this in mind, the rapid increase in cyber-attacks is inevitable and the effects can be simply detrimental to your business.
2. Increasing value of data – and more severe penalties when data is compromised
Over the years, the value of data has significantly increased, as consumer data can be processed for machine learning and can inform business decisions by giving insight into customers’ data and interests. As more companies process data, the use of platforms such as cloud storage, and of the machines that support the data, has also increased. The areas of attack and vulnerabilities to cyber-attacks have increased because organisations are processing more data and using online platforms to store it. If you own a business, it is your responsibility to protect and store data correctly to avoid the misuse of data – the fines can be hefty! It is a legal requirement for organisations to comply with information security standards such as the GDPR.
When an organisation does not comply with the GDPR standard and a data breach occurs, fines of up to €20 million or 4% of the organisation’s global annual turnover (whichever is greater) can be issued. The handling and processing of your employees’, clients’ and customers’ data is a vital part of your cyber security strategy, ensuring you don’t fall victim to a breach and harm your business reputation. Our consultants can offer ISO 27001 consultancy to assist in implementing an ISO 27001 aligned ISMS. This is the international standard for best practice of an information security management system, helping to protect data and assets.
3. Increasing remote working and use of own devices
Remote working and security can be a big issue for employers; the cyber risk is often forgotten about when it comes to working from home or in public areas. A study conducted by iPass (2018 Mobile Security Report)6 shows that “57% of CIO’s suspect their mobile workers have been hacked or caused a mobile security issue in the last year”. The survey also found that “62% of Wi-Fi related security incidents occurred in cafes and coffee shops”.
Because more employees are adopting remote working, it will need to be integrated into the organisation’s cyber security strategy, and policies will need to be put in place to mitigate cyber risk from employees outside of the office. Remote working should be taken into account as part of the risks, and certain measures can be taken, such as ensuring employees’ work data and personal data are preferably stored on different machines, and having employees refrain from sending private and confidential data whilst connected to public Wi-Fi, for example when working in cafes.
It should be integrated within your cybersecurity strategy that remote workers store data preferably within cloud-based services and ensure that software on their work devices is kept up to date.
4. Increasing involvement of IT in traditionally non-digital businesses
In a rapidly growing digital world, many traditional non-digital businesses have had to adapt and adopt IT to stay relevant and, most importantly, meet consumer expectations. With evolving technology such as smart devices, smartphone apps, e-commerce platforms and artificial intelligence, businesses that operate in the digital world often move faster than traditional businesses. Businesses that fail to have a digital presence can easily be left behind in this new, ever-changing world. Cyber-attacks do not just affect large IT companies or financial firms. The risks now apply to almost everyone, including the retail industry, manufacturing and even the fast-food industry, as the shift to digital within the workforce has progressed.
A recent study7 established that the retail industry is most at risk from cyber-attacks through social engineering methods such as phishing, vishing or baiting. This is because the number of fashion retailers using mobile point-of-sale (MPOS) devices has increased. The devices are usually integrated with e-commerce platforms to take payments. This creates a further opportunity for hackers, as malware can be created to exploit the devices, leading to an increased cyber risk.
5. Increasing global tensions over cyber security
Many national and corporate security risks are being uncovered and pose a threat to the UK’s infrastructure. Organisations may be at risk from internal infrastructure and external interference or uncertainties. The risks are higher than usual due to increasing global tensions over cyber security. The government has issued a corporate report8 which states that there are ‘critical’ cyber security risks posed by Huawei, the Chinese telecommunications company. Huawei supplies telecommunications for many UK telecom organisations, with only limited assurance that the security risks can be managed in the UK. The report reveals that “technical issues have been identified in Huawei’s engineering processes” and that the company’s approach to software development brings a significant risk to UK operators. The National Cyber Security Centre stated that third-party software used in several Huawei products was not under enough control.
Brexit also poses uncertainty and tensions over cyber security, as cyber criminals could look for and try to exploit new methods of attack post-Brexit. The EU law enforcement agency is also in doubt, which will make it more difficult to anticipate, stop and solve cybercrimes. The UK will also find it difficult to shape cyber security policies that other countries must follow within the EU, meaning it will be limited in its partnership with the European Crime Centre (EC3). The EC3 is the cybercrime law enforcement body that was set up to help protect European citizens, businesses and governments from online cybercrime.
In preparation for ‘uncertainty’, it is important for organisations to predict and put defences in place to mitigate the cyber risks of any external factors, such as Brexit, which could have future impacts on cyber security and UK organisations. This could mean developing an incident response plan based on any risks, as part of your organisation’s cybersecurity strategy.
Get In Touch
CS Risk Management is a cyber security and risk management consultancy, helping organisations of all sizes and industries achieve their cyber security goals and meet industry recognised standards. If your organisation is looking to implement a cyber security strategy and mitigate cyber risk, our expert consultants are here to help! Please contact us today for more information on how we can improve cyber security within your organisation, either by e-mailing us at email@example.com or by calling us on 0203 728 6555.