As we have discussed in our recent blogs, the WannaCry ransomware attack has exposed the widespread vulnerability of businesses and institutions in the face of sophisticated cyber criminals. Cyber security has been seen for too long as a budgetary add-on, that can be dealt with as and when. Understandably, managers and directors have their minds on operations and profits and have perhaps limited experience of the damage a cyber attack or data breach can do. Often a cyber attack can cripple a business, dealing a mortal blow. It is a common misconception that only big, multi-national corporations will be targeted. Sadly, with viral tactics, hackers can target many thousands of victims with one click of a button, a scatter-gun approach that will hurt SMBs as well as more obvious targets. Every successful attack represents enormous potential profit to the hackers, and grave loss to the victims. While the matter of cybersecurity has been perceived as a potential threat on the horizon for some time, WannaCry has no brought home the very real urgency of the situation. Cyber security demands attention before cyber crime makes demands on your profit margins.
A War of Attrition
An issue with cyber security is that it is an ongoing process, not a one-off cost. For many companies, an occasional defrag and a yearly subscription to a basic security software package is the limit of their IT expenditure. Such a small outlay may only be true in some cases, but it indicates a wider attitude, that even when hard-working IT staff have more to work with, it is often a budget that is given begrudgingly. It is to be hoped that with the new awareness heralded by WannaCry will also come to a new willingness to budget adequately for the very real threat posed by cyber crime.
More and more, the old standards of cyber security are being proven insufficient. As computing power grows and hacking software proliferates, the danger gets harder to overstate. We urge all businesses to put cybersecurity front and centre of their business continuity agendas. Management must look ahead because once you have been successfully breached by a cyber attack, your options become few indeed.
There Is No Steady State for Cyber Security
A fundamental realisation that must be brought home is that there is no steady state of cyber security. What cyber criminals can do to hurt your business and your reputation with clients gets worse all the time, and cyber security professionals must keep pressing forwards to deal with their predations. Too often, security staff are forced to play catch-up, and in the world of cyber-game that can be a most dangerous game to play. As inter-connectivity grows, the Internet of Things will raise the cyber security stakes even higher. Without wishing to scaremonger, IoT adoption must be accompanied by a responsible increase in cyber security; otherwise, the results could truly be disastrous.
In our next blog, we will continue to review the current situation of cyber security and underline some of the best practices that can be taken onboard immediately. Also, we will consider some of the more long-term choices that Abilott recommends, ensuring that your cyber security remains ready to meet the increasing threat of presented by hackers, malware and cyber attacks.