The security breach last month at the phone and broadband supplier TalkTalk has brought the issue of cyber security to the forefront of people’s minds.
Tens of thousands of customers’ personal data were accessed by an external party (hackers).
Attacks like these are not limited to large companies, and they are increasingly becoming a concern for many small businesses (something we have been advocating for some time). Ernst and Young’s annual Global Information Security Survey (GISS) stated that 88% of those surveyed admitted that their information security did not fully meet the needs of their organisation.
The 2015 GISS provided insights from 1755 participants and showed an increase over 2014, from 53% to 57%, in those saying that “a lack of skilled resources is challenging their organisation’s information security”.
Stages of Defence – Ernst and Young’s annual Global Information Security Survey (GISS)
All these numbers show one trend: cyber security is becoming more of a focus than ever, but there is still a long way to go before it is fully understood and adequately dealt with by businesses.
So what do you need to understand to protect your organisation?
- Identify key areas the attackers could target: sales information, customer records, online ordering channels, R & D information.
- Understand how attackers will gain access: public-facing websites and remote access, third-party systems that connect into yours, connecting industrial systems, the cloud, email spam and phishing.
- Understand your organisation’s ability to respond to, contain and recover from an attack: who has the knowledge to intervene, and what measures do you already have in place to detect and stop attacks?
There are many options for keeping your organisation safe from cyber attacks.
The key factors are:
- Be aware of your current position: the digital age is constantly evolving, and so is the nature of attack.
- Keep all systems up to date, especially where firewalls and antivirus systems are concerned.
- As stated above, 57% of those surveyed say a lack of skilled resources is challenging their organisation’s information security, so implement cybersecurity awareness training for employees, which can help detect and even prevent possible attacks on your systems.
- If you need some help, then read our previous blog “Disaster management BEFORE the Disaster!” or give me (Bob Potter) a call; this stuff is our day job!