With the latest revelation about Uber’s catastrophic 2016 cyber-attack still fresh in everyone’s mind, we are seeing more and more how such breaches pose a critical threat to UK businesses.
This attack on Uber, the way the company handled it, and how customers reacted offer crucial lessons for the way organisations approach cyber-security – and the potential consequences when they get it wrong.
Paying hackers to delete stolen data is strongly inadvisable, and should, in fact, be frowned upon. Organisations that fall into the trap of transferring large cash or cryptocurrency ransoms to hackers only enable this criminal behaviour.
Attackers will always have the initiative in these cases, and even the best-run company is at risk of a hack or data theft. Organisations need to make more of an effort to educate themselves on the channels cyber-criminals can use to infiltrate companies and steal data.
After all, the ripple effects of an attack no longer stay within the four walls of an organisation. It’s time for businesses of all sizes to take proactive measures to safeguard their main asset – data.
With this in mind, it was worrying that research by Fujitsu revealed that fewer than one-in-ten consumers believe businesses are doing enough to ensure that their data is protected.
If they are to stay ahead of competitors and remain trusted in the eyes of their customers, it’s fundamental that businesses ensure they are robust in their security.
Power to the people
Even with 51% of UK organisations planning to invest in cyber-security systems in the next 12 months, that investment may be meaningless without the people to make those systems work.
Indeed, our recent global survey – ‘The Digital PACT’ – found eight-in-ten businesses point to digital skills as the biggest hindrance to their cyber-security function.
Reluctance to upskill staff is often an attitudinal issue, with many organisations not necessarily considering themselves ‘high-value targets’ for attackers. What this means is they often have minimal protection and investment in cyber-security defences – and this includes staff training and awareness.
However, for many malicious actors, finding vulnerabilities is their bread and butter.
It’s time that businesses recognise that cyber-security is more than just a technology issue – it’s a people issue.
This isn’t being helped by a general lack of enforcement of IT and security-related policies, with an assumption that users are actively following policies or have understood the ramifications of failing to follow them as prescribed.
There’s lots to be done to improve user awareness and training as the first line of defence to protect companies from data leakage and attacks.
Whilst companies will, of course, still need to invest in appropriate technical and security controls or work with cyber partners to achieve this, upskilling users and making them more cyber-aware is one of the most cost-effective ways of reducing the probability and impact of human error.
With cyber-attacks increasing in both frequency and severity, and with the GDPR on the horizon, if we’re to ensure our industries remain competitive and secure, it’s critical that businesses enhance their first line of defence against such attacks.
Latest posts by Sarah Armstrong-Smith
- Security threats are no longer just a tech issue – they’re a people issue - November 29, 2017