Combat Cyber Security
Cyber security - how should you react?
As an IT Managed Service provider with over 300 clients, every month we review all cyber-related issues our customers have experienced, and we have seen with our own eyes increasing numbers of incidents, including financial/data theft and malware-related network outages. And this is not just about large companies… it’s here and now for our mid-market/SME customers too.
A possible conclusion from this, which is prevalent in the IT industry, is that companies in the UK somehow don’t take Cyber risk seriously. That’s not the way we see it at Commercial: with each new high-profile national cyber-related headline, senior managers can see the risks clearly enough, but how, in practical terms, should they react?
In essence, that’s the key problem: managing Cyber risk is about being proactive, not reactive. Management teams need to identify much more clearly, and well ahead of time, the information/operations that are most at risk from Cyber-crime, and then develop the relevant policies, IT Operations, and staff awareness to manage those risks effectively.
Periodic review of security incidents and risks needs to be at the heart of an iterative approach that becomes more effective over time.
For some, embarking on a formal certification like Cyber Essentials or ISO 27001 may help this structured thinking. But whatever the approach, it needs to start from the top with clarity of purpose, and there’s a big challenge for IT / Security professionals to find that clarity with clients, before proposing a multiplicity of (costly) anti-Cyber solutions.