Earlier this month, the government released new materials to support UK businesses in their fight against organised cyber-crime, including an updated ’10 steps to Cyber Security’ guide and a report from GCHQ detailing the most common cyber-attacks in the UK and how to prevent them. Groucutt has championed the move, saying the timing is perfect:
“There’s no denying that cyber-crime is on the rise. Last year, we performed over 3000 data restores for our customers - a higher proportion of these than ever before were as a direct result of malicious cyber-attacks like CryptoLocker. With these figures only expected to rise, 2015 is the ideal time to make a real push for cyber-security excellence within our organisations.
“Since June of last year when they launched the Cyber Essentials Scheme, the government has been doing some great work in making cyber security accessible to businesses of all sizes. Bigger businesses may be a greater prize to hackers, but smaller businesses tend to have weaker defences, which means that any business that holds customer data is a legitimate target.
“We conducted a report last year which revealed over a third (36 per cent) of UK organisations had been affected by a cyber-threat in 2014. The more worrying figure though, was that over half of those affected by a threat (58 per cent) either made no changes to their security processes, or failed to even review them following the threat. This mind-set is exactly why the Cyber Essentials Scheme is such a valuable resource, especially for SMEs who perhaps don’t have the capacity in-house for a dedicated security specialist, or the budget to outsource the function.”
But, Groucutt continues, it’s important that we don’t let the more media-friendly cyber security angles overshadow the fundamentals:
“There has been a lot of media attention on the promotion of our UK cyber security companies in the US and on the cyber “war games” planned to test our resiliency. This isn’t necessarily a bad thing – making cyber security a matter of national interest is important. But it’s about more than that – it’s about cultivating a culture of strong cyber security within each and every one of our organisations, from the top down.
“The latest updates to security policies from the government have struck a nice balance. The guidance is technical enough to be useful, without alienating any non-technical business owners. It’s making practical security guidance available to businesses of all sizes without being patronising or over-reaching in terms of the resources required. We need to ensure that, firstly, organisations know that resources are there and secondly, that they actually use them.”