In our businesses today we all know that the risks of digital technologies being abused in order to gain access to our systems, processes and data is ever-present. Multiple high profile instances of cyber attacks on businesses have brought this issue to the forefront and made it a key issue for all business leaders to understand and plan around.
The latest news and opinion on the subject is this: It’s no longer a case of ‘if’ you will suffer a cyber security breach, it’s ‘when’ "We're no longer in a situation where it's a case of 'if I am going to get breached'. It's more a case of how often you are going to get breached and how long those people are going to be in for." Cyber forensics pro Dr David Day.
In other words cyber-attacks are common and businesses of all sizes, sectors and industries will now find themselves subject to these attacks. Some attacks will appear low-level, for example breaches on your website which result in pages being hacked, or mass-mailing attempts to or from your email servers. Other attacks will be definite and deliberate attempts to gain access to the core systems and data. And indeed an attack which may seem low-level initially could simply be the first stage of a bigger event – the hackers using opportunities to ‘test’ the strength of your security.
Cosmic is involved in work with DCBC and the SW Cyber Security Cluster working with businesses across the region to increase awareness and encourage improvement. People still represent the biggest risk in cyber security terms – passwords are still the easiest way into most datasets and platforms. And as this video reminds us, people are not always good at setting strong passwords, let alone keeping them private!
And there is now plenty of research being generated about the levels of cyber security issues, and also the responses which businesses are adopting to increase their protection and risk mitigation plans. And its clear from these reports that cyber security risks have become leadership issues in business (and in government, public sector and charities). More businesses are adopting technologies to increase security levels, and these include cloud-enabled security, data analytics and advanced authentication processes. Many businesses are also adopting a more collaborative approach to cyber security, sharing their issues and concerns with external partners to create more resilience and plan proactively to increase protection levels.
A recent report by PWC looked at the cyber security issues and responses from businesses – summarised in this great infographic:
How many of the suggested safeguards are you reviewing and putting in place in your business? How much investment are you making in your cyber security systems, hardware and staff skills? You can read the full PWC report here.
And looking further ahead in time, we can see a time when cyber security and particularly the need for a much stronger focus on security of personal data in the age of the Internet of Things. We really enjoyed this presentation from TED about the security issues ahead – Joshua Corman compares this issue to swimming with sharks! Take a look here.
His opening notion is that you don’t have to swim faster than the shark – just faster than your buddy! And that we all make decisions about the level of risk we engage in – and this translates well into the new digital future.
In a future of internet of things – we will have not only personal data flowing full-time and everywhere, but we will also have a full range of devices, clothing, appliances, health devices, vehicles and more all connected and generating new data constantly. Any business developing IoT products need to think about security breaches, Joshua Corman talks about the hacking of autonomous vehicles – allowing hackers to take over control of the vehicles with passengers inside and the first website hacking attempt (DDoS) has been made by smart fridges!
It is also true though, that under-reporting of cyber-attacks is a key issue, businesses remain reluctant to share news of attacks for fear of losing customers and suppliers by indicating that as a weakness but with the introduction of Cyber Security Insurance, businesses will have to report incidents, making it a more visible crime and more visible to our customers.
So how can we lead in a world of cyber security? How can we manage our reputation with clients, stakeholders and staff when the inevitable happens? But most importantly, how do we balance security risk with improvements in productivity, innovation and staff motivation?
These questions now require strategic thinking and not a delegated response from IT managers, find out more at our Digital Leadership taster sessions here. For more details on our new Digital Leadership programme – please read our recently published White Paper which you can access here.