Paul Acton, Chief Business Officer at Sure Group, outlines the steps you can take to protect your business from cyber attack
You’ll have probably experienced at first hand the way that technology has evolved over the past two years. Rare occurrences such as full-team video calls quickly became the norm and, as we thankfully return to our Channel Islands offices, these approaches look like they’re here to stay.
But while that advance has been under way, so too has the darker side of technology: cyber crime.
To take just one criminal tactic in one industry, Accenture reports that cyber attacks on banks in 2020 and beyond will result in them losing $347bn, that insurers will lose $305bn and capital markets will lose $47bn by 2024.
But it’s not just the banking sector that’s being affected. Mimecast notes that more than six in 10 companies suffered a ransomware attack last year.
So, with cyber security threats so prevalent, what steps should you take to protect your organisation?
Three key considerations
Managing your organisation’s cyber security can be broken down into three overlapping components, as advised by the National Cyber Security Centre (NCSC).
The first is to get the information you need to make well-informed decisions. This involves assessing what material you keep digitally (these days, that’s probably rather a lot), where this property is stored, and what your organisation’s vulnerabilities are.
The second step is to prioritise your risks. You need to integrate cyber security into your boardroom discussions and processes and embed it in your organisation’s culture.
This is absolutely a board-level concern, as the average cost of suffering a cyber attack – whether ransomware, a data breach, a hack or any other attack – has been estimated to be £2.9m per incident.
Third, you need to take steps to manage your risks. You’ve likely got some sort of disaster recovery plan in place, but when did you last stress test it? Are your systems as up to date as they could be? Have you recently done something different with your data, technology or hardware that needs protecting?
All these questions need to be asked in order to successfully mitigate your risks.
Risks to be aware of
Three components may come across as straightforward and manageable, but clearly there’s a lot to consider for each element of your cyber security, especially when the risks are so varied.
We like to break down the risks your business is facing into four categories, which could represent a helpful way to gather information and prioritise and manage risks:
1. Human capital This relates to how your people are prepared to identify, manage and respond to cyber incidents. Does your organisation have a chief information security officer? Are your staff trained to recognise threats? Are you prioritising cyber security at a senior level?
2. Infrastructure What equipment and technology do you use and is it adequately protected? Is your cloud storage suitably secure? Are your firewalls up to scratch?
3. Data loss Your data is no doubt incredibly valuable to your business, so it makes sense that a criminal would want to access it. Is your data secure?
4. Cyber These are the active threats to your organisation. We’ve mentioned ransomware, but there’s also phishing, botnets, DDoS attacks and hacking.
By considering your cyber security along these lines, you can begin to understand how you might be targeted and what you need to do about it.
At Sure, we offer a comprehensive suite of security solutions to help you tackle these threats. We are offshore cyber security experts and a trusted provider for businesses across the Channel Islands and beyond.
Cyber security is a serious boardroom concern, but it doesn’t have to be a terrifying proposition. By breaking down the threats, you can find a solution that works for you and protects your business.
• This advertising feature was first published in the November 2021 - January 2022 Technology Edition of Businesslife magazine