Working in the cyber security industry I’m fully aware of the risks that every business now faces from cyber attacks and cyber criminals.
Barely a day goes by that we aren’t reporting a cyber attack on this blog, and large-scale attacks are becoming more frequent. The interconnected nature of modern business, coupled with the reliance on and rapid development of technology means that cyber threats are increasing.
What I’m wondering is, how many businesses are burying their heads in the sand when it comes to cyber security?
We love a good stat here at IT Governance, and here’s a few to cogitate on:
- 70% of cyber attacks exploit patchable vulnerabilities (1)
- 75% of boards are uninvolved in reviewing security risks (2)
- 90% of large and 74% small organisations suffered a data breach in 2014 (3)
- 80% of executives considered their board to be cyber security literate (4)
- 82% believed that senior management places a high or very high priority on security (3)
There’s a glaring disparity here. Do businesses and boards really believe they are doing enough and actually placing cyber security high on the agenda? Maybe they think they do, but the statistics would suggest otherwise. Then there are those who I believe are simply burying their heads in the sand. Either way, more must be done.
Get the basics right with Cyber Essentials
In all fairness, getting the basics right would be a massive improvement for a lot of businesses. That’s exactly why the UK Government created the Cyber Essentials scheme. The government realised that for the UK to be at the forefront of global business it must be one of the most cyber secure nations on the planet.
The scheme itself sets out five controls (secure configuration, boundary firewalls and Internet gateways, access controls and privilege management, patch management, and malware protection) that would mitigate 80% of the most common cyber attacks.
Designed to be relatively easy and inexpensive to implement, the UK Government is urging all organisations to adopt the scheme.
To help businesses implement the scheme, IT Governance has created a series of fixed-price packaged solutions. For those with internal cyber security expertise, our Do It Yourself package will help you achieve certification from just £300. For those requiring more support, or who just want us to implement Cyber Essentials for them, investigate our Get A Little Help and Get A Lot Of Help packages.
Cyber threats won’t go away and the likelihood is that you will suffer an attack sooner or later.