With the effects of ransomware attacks from WannaCry and NotPetya still ringing in every business owner’s ears, British Telecom and accounting firm KPMG have jointly published a new cyber security report with some hard advice on how businesses should turn a potential security risk into a business opportunity.
“The cyber security journey – from denial to opportunity” is the title of the report, and it warns of several ransomware traps that businesses tend to fall into in their quest to secure themselves and their employees.
Surprisingly, one of the focal points of the report is to warn companies that have moved from the “denial” stage to the “worry” stage to not invest too heavily in IT security products. It does highlight the importance of antivirus and firewalls but also warns companies not to become a target for IT salespeople.
The report recommends that an assessment be done against best practices issued by bodies like the UK National Cyber Security Centre (NCSC) to find out where best to invest.
Also highlighted in the report is the need to maintain cyber hygiene from the top down, and the need to invest in training and raising awareness among the staff. According to BT Security CEO Mark Hughes:
“The global scale of the recent ransomware attacks showed the astonishing speed at which even the most unsophisticated of attacks can spread around the world. Many organisations could have avoided these attacks by maintaining better standards of cyber hygiene and getting the basics right. These global incidents remind us that every business today – from the smallest sole trader through to SMEs and large multinational corporations – needs to get to grips with managing the security of their IT estate, as well as their people and processes. This report aims to help secure the digital enterprise by navigating businesses through their cyber security journey.”
KPMG’s technical director for cyber security practice David Ferbrache, in the report, says:
“The recent spate of cyber-attacks is keeping cyber risk at the top of the business agenda, and as such investments are being made. The business community needs to avoid knee-jerk reactions as cyber security is a journey – not a one size fits all issue, and getting the basics like patching and back-ups right matters. It’s important to build a security culture, raise awareness amongst staff, and remember that security needs to enable business, not prevent it.
“Cyber threats are evolving and businesses face ruthless criminal entrepreneurs. The solution isn’t jargon ridden technology silver bullets but one that involves a community effort in a world where business boundaries are vanishing. With criminals getting increasingly creative about finding the weakest link, the CISOs of the future need to care about digital risk, help the business seize opportunities and build cyber resilience.”
The joint report also warns against overly complex IT architecture, which more often than not increases the cyber security gaps in the system. Good governance, technology integrations and outsourcing to trusted partners were some of the other takeaways from the report.
You can view the full report here on BT’s Global Services website.