Protecting Business Information from Damage or Loss
Cybersecurity is about “Protecting Business Information from Damage or Loss” by reducing the risk of a cyber attack and implementing methods of recovery in the event of a “breach”.
As we are all too aware, there is a growing risk to businesses from cyber threats. The IT industry is spending more and more effort to reduce the impact on businesses with new and improved products and services to keep pace. In short, the security landscape is constantly changing with businesses revenues and reputations being damaged at an ever-growing rate.
Cyber Attacks Happen Against all Sizes and Types of Business
- 32% of UK businesses and 22% of charities identified cybersecurity breaches or attacks in the last 12 months -1
- 19% had staff stopped from doing their daily work by the attack -1
- Only 33% had cybersecurity policies -1
- Phishing attacks against staff members of all levels remain the most common form of attack -1
- Only around 20% of staff receive any kind of Cyber Security training -1
- 50% of businesses go bust within 6 months of a cyber attack if it takes a week or more to recover -2
- Micro and Small Businesses are less resilient to attack and therefore seen as easy targets by cybercriminals-3
- You may be targeted because of who you do business with – an attack on the supply chain! -3
Cyber Security Breaches Survey 2019 – A survey detailing business and charity action on cybersecurity and the costs and impacts of cyber breaches and attacks.
Regional Organised Crime Units, or ROCUs for short, are trusted partners of the NCSC that form the Cyber PROTECT Network.
The National Cyber Security Centre. Helping to make the UK the safest place to live and work online. The centre understands Cyber Security and Respond to Incidents.
Dichotomy of Requirements…
The risks to businesses are amplified by the increased demand for mobile and home working with requirements to access information and services from multiple devices. We witness a dichotomy of requirements then – information anytime & everywhere as well as preventing unauthorised access.
Of course, we want our information to be kept confidential and undamaged because it is important to the business and needs to be relied on. Legal requirements also need to be considered (GDPR) as well as the IP value of the information.
The National Cyber Security Centre (NCSC) has said – Every organisation is a potential victim. All organisations have something of value that is worth something to others, every organisation connected to the Internet should assume they will be a victim.
So, it’s about protecting the businesses ICT infrastructure and service from attacks and preventing unauthorised access of the data we hold, which is now no longer in a simple on-premises client-server configuration but a wide area network of hosted services.
ICT Infrastructure & Security Assessment
Businesses need to understand the risks they face and should complete an assessment of their ICT infrastructure, the protection and recovery solutions they have in place as well as their policies and staff awareness.
Only with a complete oversite will the business be able to understand where changes and improvements are required. Once any identified improvements have been completed the business will be better protected and far less likely to be impacted by a breach and be better placed to attain Cyber Essentials or ISO27001 Certification as well ma helping to ensure GDPR Compliance.
It is our view that Security is a Process, not simply a Product and that every business needs to have IT Security on its radar and routinely reviewed. We know that no matter how hard we try to protect ourselves there is always a possibility that a security breach could occur. However, by reducing our exposure to threats and being harder to attack we reduce the risk significantly.
We have for a long time been coining the phrase “ We protect business information from Damage or Loss” – this has never been more poignant than now.
We undertake Security Assessments for clients and the framework for this is made up of an amalgam of the best practices from the ICT industry generally, guidance from the NCSC and the requirements of Cyber Essentials.
Our report of the findings and the identified gaps will enable businesses to balance the risk and the potential loss or harm related to Information Technology and understand where changes and improvements need to be implemented to mitigate these potential risks.
You can read here our post on top tips to help protect your business.