Certain recent events have clearly shown us that even the biggest multinational corporations in the world still have much to learn when it comes to internal cyber security. You’d have thought that businesses that deal with millions of customers’ personal data would have very stringent internal cyber security controls to avoid any high-profile incidents, but you might just be quite surprised.
Cyber security as a whole is constantly on the move, with new developments popping up around the world as everyone looks to be at the cutting edge of what is already a cutting-edge field. On a related note, businesses should, and usually do, keep all their employees up to date with the very latest guidelines. This of course goes for all employees, not just those who deal directly with data. We’ve witnessed only recently that even if a breach happens far away from any proprietary or sensitive data, that ‘chink in the armour’ can be used by cyber attackers to get their mucky fingers everywhere within a business’ network.
In order to avoid even the slightest possibility that an attack like this happens to the same business, or a similar organisation, it has to be accepted that more education on cyber security is the way forward. Businesses can no longer pretend to exist in a world where cyber attacks are not a common threat, and preparation for such attacks from all angles is an essential part of being a modern successful business. We do also hope that it is enough for businesses to learn from their peers’ mistakes, instead of having to wait for an attack on their own infrastructure before taking action.
Experts across the sector have been backing the idea for years, and it is a shame that it has taken recent high-profile attacks like this to jolt higher-ups into action, but in an industry where a successful attack costs an organisation £9.9 million on average, it’s very much a case of ‘better late than never’.
As executives across all the major industries are slowly catching the memo, we have to ask, what more can be done by cyber security professionals to educate their peers? Is there more that we can do, or is the onus on executives in each sector?
What can be done?
It’s a bit of both in truth. Cyber security professionals have a professional and moral responsibility to educate their peers on the dangers of cyber attacks, and how they can prepare themselves for any possible turn of events.
On the other hand, it’s very much in the interest of higher-ups in other industries to ensure their staff are very well educated on cyber security and its importance. We’ve all seen what happens when staff aren’t educated, and no one wants their business to lose millions to a cyber attack.
Employers should be listening to their CISOs, taking on ideas that could improve their defence. CISOs need to be given more freedom to develop new strategies and systems to cater to their business’ specific needs. We’ve gone too long with cyber security being seen as a luxury rather than the necessity that it really is in the modern age of doing business.
No business is exempt from the threat of cyber attacks, and proper education of employees on the threats and methods of preparation is the absolute best way to prevent successful attacks.
Working together
One of the best ways to develop new ideas is to get all the smartest people in a field, put them in touch, and wait for sparks to fly. This isn’t any different with cyber security, and think tanks and forums have seen great developments in the past. As networking has moved online due to the current circumstances, organisations have adapted and improved their methods to keep innovation going. The NCSC and World Economic Forum have been leading lights in the sector, publishing joint studies and guidance, and ensuring that the sector's experts aren’t left to their own devices too much.
We’d love to see more businesses pick up the baton and drive their own innovation forward, listening to their CISOs, and educating all their employees… and we’ll keep pushing for it.