Five questions for your Board’s cyber security agenda
Every Board should understand how severe cyber-threats are. They are continuously growing, and every business is at risk. According to the Government’s Cyber Security Breaches Survey 2018, 43% of businesses experienced cyber security breaches or attacks over the previous 12 months, and this is expected to increase year-on-year. The threats are real and cyber-crime is now part and parcel of the 21st century. Businesses can no longer turn a blind eye. With so many variations of threats and the potential for multiple security gaps within organisations, it’s hard to know where to start and what questions to ask. So, we’ve highlighted five key questions that should be on every Board’s cyber security agenda.
Q1: How do we defend our organisation against cyber-attacks?
This question leads to another important question that needs to be asked: Are we proactive or reactive about cyber security? Businesses can no longer afford to simply react to a cyber-attack, as it can be too detrimental to your organisation. In fact, a report by the Institute of Directors (IoD) and Barclays revealed that 56% of businesses wouldn’t be able to survive a cyber-attack. Successful companies need to be proactive towards cyber-threats. So, where do you start?
Answer: Security Testing
Before you invest in a whole suite of cyber security services, you first need to see the full picture and understand your security weaknesses. A security test (whether that’s a vulnerability, penetration or compromise assessment) will highlight key security gaps, from which you will be able to prioritise the essential vulnerabilities that need to be fixed sooner rather than later.
Q2: How much time are we going to need to invest in keeping our business cyber-secure?
Cyber security is essential for any business but simply investing all your time can be counterproductive. You run a successful business because you’re good at what you do. You’re not a cyber security business and it’s hard when you don’t have the time or resource to focus on security.
Answer: Managed SIEM
Keep doing what you’re good at and let a cyber security company do what they do best. Having a fully managed Security Information and Event Management (SIEM) service allows an independent cyber security business to take full responsibility for the management of your cyber defence. Even the most skilled IT Manager may not have time to investigate all of the alerts while also keeping pace with the ever-evolving threat landscape. Having a Managed SIEM service frees up your valuable resources and time, while giving you peace of mind that your cyber security is being taken care of.
Q3: How can we give our customers confidence that we take cyber security seriously?
There is no getting around it: we live in a post-GDPR society, and while obtaining accreditations can be frustrating, the impact it has on your customers is immense. Rules and regulations are part and parcel of modern business, and giving your existing customers, potential customers, your supply chain and even your employees confidence that your business is applying quality standard regulations needs to be of the utmost importance.
Answer: Cyber Essentials Accreditation
Obtaining a Cyber Essentials accreditation (even better if it’s Cyber Essentials Plus) not only carries some serious weight in highlighting that you take cyber security seriously, but in many industries it’s a crucial requirement. The government-backed accreditation provides evidence that your company is committed to working securely and will ultimately give your customers confidence in your business.
Q4: How do we get our staff on board?
Getting your staff invested in cyber security is critical. It doesn’t matter if you have the greatest cyber security protection available. Unfortunately, cyber security is only as strong as your weakest link, and that equates to your least cyber-savvy member of staff. To make matters worse, cyber-criminals not only know this, but use it to their advantage.
Answer: Cyber Security Awareness Training
Staff, at the very least, should be regularly reminded of the dangers they can present on a day-to-day basis and should be encouraged to become an active part of the company’s cyber security strategy. A cyber risk survey produced by the London Financial Times found that 58% of cyber-attacks are attributable to employee behaviour, such as negligence, accidental disclosure and lost or stolen devices. When they included vulnerabilities that exist due to a talent or skills shortage in cyber security, the percentage attributable to internal human issues is closer to 90%. By offering staff cyber security awareness training they can make simple adjustments to how they go about their work, which could have a huge positive impact when it comes to your cyber security.
Q5: As a business, how can we keep updated on new cyber-threats?
With cyber-attacks occurring at an exponential rate and new advanced threats being discovered daily, it can become overwhelming. Research has even found that four new strains of malware were discovered every second during Q3 of 2016, and this is continuing to increase! Now more than ever, it has become relevant to understand cyber-crime and keep up-to-date on new emerging cyber-threats.
Answer: Threat Intelligence
Having access to intelligence on how and when new threats are born offers a proactive approach to dealing with potential threats before they cause irreparable damage, and can ultimately determine whether or not your business survives modern cyber security threats. It not only enables your staff to be more proactive in defending your infrastructure from a cyber-attack; at Board level, this intelligence also equips you with insight into the threat landscape to help develop a robust cyber security strategy.
CyberGuard can help…
CyberGuard Technologies is a division of OGL Computer, a company that has been in business for over 40 years and understands the industry. We can offer help and guidance on the best practices for being cyber-secure.
We offer all the above services and more.
To find out more, click here: www.cg-tech.co.uk
Alternatively, if you would like to talk to one of our Security Consultants, contact us here and we’ll be happy to give you a call.