The world has become a far riskier place to do business. As on-line business continues to grow, organisations must face the risks that come with outsourcing and using third-party services, larger supply chains and the increase in cyber attacks and cyber fraud. In this modern age, businesses depend on IT, networks and wireless and mobile communications, all of which come with their own security issues.
The driving force for a successful business is to have the right information at the right time, in order to make well-informed decisions. Not only is information the key to business success, but the protection of this information is equally important.
According to a survey carried out by the Ponemon Institute, 90% of businesses that took part have fallen victim to a cyber security breach at least once in the past 12 months. What could be a more daunting statistic?
The survey showed that for 59% of the respondents the most severe consequence of any breach was the theft of information assets, followed by business disruption.
There have been recent cyber attacks on high-profile organisations including Sony, Nintendo, Google Gmail, Citibank and the International Monetary Fund (IMF). Oh, should we mention Arizona State Police too?
Are cyber attacks on the rise?
Whilst only 43% of the respondents in the survey indicated that there was a significant increase in the frequency of cyber attacks, 77% of them believe that the attacks have become more severe. 34% said they had low confidence in the ability of their organisation’s IT infrastructure to prevent a network security breach in the future. Astonishingly, only 11% of respondents knew the source of all their network’s security breaches.
So what is wrong?
The huge increase in cyber attacks this year is due, in part, to organisations failing to adopt effective security. The recession has contributed to a cutback in manpower, leaving many companies’ IT security departments understaffed. Additionally, the growing use of connected technology by employees means that corporate data is increasingly being downloaded and stored on private devices, raising further security risks.
The increasing threats to organisations worldwide from cyber attacks need to be addressed by better information security management, using established standards such as ISO 27001. In order to protect the confidentiality, availability and integrity of information assets, implementing ISO 27001 is the first logical step towards developing an efficient cyber security strategy.
Information security – a concern for all
The cost of cyber attacks to business and business continuity is enormous and the stakes are high. Now is the time for CEOs, CFOs, CIOs and management staff to ask themselves these questions: When was the last time you discussed information security issues at your board meetings or tested your system? Does your organisation have an ongoing security training programme? Does it implement a best practice approach? If you don’t know the answer to these questions, then you will know who to blame if you get hacked. Or maybe you still think that cyber attacks only affect others, but not you? Perhaps those at Citibank and Sony were thinking just the same.