By Richard Summerfield
Barely a week goes by without a major cyber attack making global headlines. Indeed, in recent weeks, the ‘WannaCry’ and ‘Petya’ ransomware attacks have caused chaos across a spectrum of organisations the world over. And, although many companies are beginning to respond to the threat, often the response is misguided, according to a new report from KPMG and BT.
The report, ‘Securing the digital enterprise: The cyber security journey – from denial to opportunity’, notes that too many companies are treating cyber security as a siloed issue, which can be dealt with simply by “throwing money” at the problem. While companies must ensure they have, for example, adequate and updated firewalls and antivirus protection, it is equally important to pool shared resources and treat cyber security as a conventional operational risk issue. This requires greater ‘buy-in’ on cyber issues from the board and better integration of cyber issues into overall business strategy.
David Ferbrache, Technical Director in KPMG’s cyber security practice, said: “The recent spate of cyber-attacks is keeping cyber risk at the top of the business agenda, and as such investments are being made. The business community needs to avoid knee-jerk reactions as cyber security is a journey – not a one size fits all issue, and getting the basics like patching and back-ups right matters. It’s important to build a security culture, raise awareness amongst staff, and remember that security needs to enable business, not prevent it.”
There must be better acknowledgement, at board level, of the threat posed by cyber attacks. As such, organisations must have the right security provisions in place. This includes companies making sure they know where they are on their journey to cyber security, which, according to the report, involves five key stages: denial, worry, false confidence, hard lessons and true leadership.
Mark Hughes, CEO of BT Security, said: “The global scale of the recent ransomware attacks showed the astonishing speed at which even the most unsophisticated of attacks can spread around the world. Many organisations could have avoided these attacks by maintaining better standards of cyber hygiene and getting the basics right. These global incidents remind us that every business today - from the smallest sole trader through to SMEs and large multinational corporations - needs to get to grips with managing the security of their IT estate, as well as their people and processes.”