Cyber Defence strategy - what about the here and now?
Cyber Defence strategy ok for the medium term but what about the here and now?
Today’s launch of a National Cyber Security Strategy is welcome news. As leading computer scientist Sir Tim Berners-Lee told the BBC, it is ‘absolutely right’ that the government should focus on this issue.
How relevant is the move to SMEs in the UK though? Not many of them are losing sleep over the threat of state-led cybercrime addressed by the initiatives announced today. The most pressing cybersecurity concern of businesses today is the systematic activity of low-level cybercriminals. In the past 12 months 54 per cent of UK organisations were hit by ransomware, with many experiencing a total system blackout. The stark reality is that for businesses today, it’s not a question of ‘if’ a cyberattack will happen but ‘when’.
Again, it’s welcome that the government will prime initiatives to train more people in cyber. But what about businesses that want to boost their resilience to cybercrime in the meantime?
The most fundamental form of damage limitation is well known, but bears repeating all the same: back up your systems. Any business, no matter how small or strapped for cash, should be doing this.
Beyond that, deciding how much time and resource to dedicate to cybersecurity can be a real challenge. What is the appropriate response to a threat that could take your entire system down for two working days next week, but might not raise its head at all in the next two years?
It is a complex area and the bottom line is that risk reduction is as much about managing operational processes and human behaviour as boosting the capability of security technologies.
For the companies we’ve seen that are successful in cybersecurity, the cornerstone of a proportionate response is a realistic and accurate baseline of existing technical architecture, policies and procedures. This can then inform decisions about how and when to invest in the technologies, planning and training that address four key elements of cybercrime risk reduction:
- IT operations process improvements
- New security technologies to intercept threats
- Cyber incident response and business continuity plans
- User awareness
Cybercrime is one of the big issues of our age. Businesses need to tackle it intelligently and proactively, understanding that cybersecurity is a journey, not a destination, and that the best time to start is now...
Join our cybersecurity seminar in Cheltenham on 17 January 2017 to find out how you can protect your business.