What’s next?

How you protect business assets should begin with an insider risk assessment, advised Thomson. “Consider the critical assets you want to protect and how an insider with legitimate access, the intent and the capability, could abuse their position to cause harm. Then consider what controls would prevent or detect such actions,” he said. “The UK’s Centre for the Protection of National Infrastructure has some freely available guides and frameworks to help address the insider risk.”

Further investment in cyber security is inevitable for all sizes of business. PwC found that 40% of the executives it surveyed planned to accelerate digitalisation, as well as increase their cyber-security budgets. Around half of them also said they intended to add to the number of full-time cyber-security staff.

40% of global businesses are accelerating digitalisation for growth

39% of global businesses are offering full-time remote work for more workers

Source: PwC Global Digital Trust Insights 2021 survey – Cybersecurity come of age

Robust information management systems capable of standing up to the rigours of remote working and disgruntled staff are an essential component in cyber strategies. “We suggest businesses certify themselves to the UK Government-backed IASME Governance certification, which will give them the tools and framework to put such a system in place,” said Penson.

However, investment alone won’t solve all cyber- security problems. Attitudes must also change for security measures to be as effective as possible. “Sadly, the awareness or complacency that ‘it hasn’t happened to me so far, so it won’t happen’ is still widespread and mitigating security breaches is like any insurance policy: a grudge sale. It will cost time and money but not add anything materially to the business,” commented Groom.

That said, board-level involvement in finding practical solutions appears to be more in evidence, according to Holland. “Email security has gone from being within the sole domain of chief information security officers to a high-level risk issue for boards. Big companies are now treating this problem with the seriousness it deserves.”

McGowan expects to see more businesses acknowledge the importance of education and increased awareness of the threats.

‘We recommend ‘war gaming’ to practise how your company would react to a cyber breach’

“Make sure everyone is talking together and that they understand the risks, through training and education,” he said.

Content Guru keeps staff on their toes with regular phishing tests. “New employees are, by far, the most susceptible to falling for scams. On the other hand, employees who are leaving the business are a risk for causing intentional harm to the organisation,” said Cheetham.

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45