Why business leaders should not ignore cyber-security
At a recent executive round table hosted by Conosco, we had the privilege to be joined by Patrick Wheeler, a renowned expert in the field of Information and Cyber Security. I got the opportunity to spend some additional time with Patrick and capture some of his thoughts to share.
Leaders cannot afford to ignore Information Security
As we sat down to chat, Patrick’s opening line to me was “Cyber is pervasive, leaders cannot afford to not engage.” A very bold statement delivered with real conviction.
Cyber crime is no longer about opportunistic individuals looking to exploit large organisations or major brands. It is organised groups, professional cyber criminals that make a living from harvesting and selling sensitive data or disrupting businesses until a ransom is paid.
Patrick explained that companies are up against significant organisations focused on sinking their business. These are professional enterprises with HR departments, R&D and even KPIs. They invest millions in campaigns that could last 6 days or 6 months, depending on their effectiveness and ability to go undetected. And they don’t just target the large enterprise; they equally focus on smaller companies where they perceive defences to be weaker.
You cannot leave it to someone else
It is very common for Information Security & Cyber Security to be thought of as solely a technical problem that needs a technical solution. But relying only on technical solutions is fundamentally flawed as attackers are exploiting the human element.
It’s the email sent to accounts that looks like it has come from the CEO, requesting that the attached invoice is paid, last thing on a Friday evening. It’s the official-looking email prompting the user to validate their username and password for a web application. The tactics continue to get more personalised and more ingenious.
Information Security is much more than just defending against cyber criminals. It’s also about protecting personal and sensitive information held within a business and ensuring that it’s not intentionally or accidentally shared or lost.
Patrick explains that there is a key difference between IT and Security: “If IT protects the perimeter, is focused on the place of work, security goes home with your employees.”
The best way to build resilience around Information and Cyber Security is to create a security-conscious culture. This starts with awareness amongst leaders: recognising the threats and their potential impact on the business. This awareness needs to flow down and across the organisation; everyone has their role to play in Information Security. People need to appreciate the reason for keeping information secure, understand how they could be exploited, and buy in to the need to do their part.
Unfortunately, it never ends
Information and Cyber Security is not a project; it’s a continuous programme that has to be a permanent part of how your organisation works. Three years ago, ransomware was pretty rare, with only isolated cases; today it’s a very real and serious threat to every organisation. When one door closes, cyber criminals are already finding the next one to open, and it’s most certainly a continuous challenge for organisations to keep pace.
The more organisations rely on electronic data, the greater the risk of criminals trying to exploit this. Patrick sums this up quite nicely: “It is not about Cyber Security, (this generates a false sense of security), it is about Cyber resiliency. IT will try and secure, but it needs the entire business to be resilient and aware.”