Companies need to stop divorcing themselves from cyber security

The 2015 Data Protection Best Practices and Risk Assessment Guides has revealed that in January to June last year over 30 per cent of data breaches involving the loss of personally identifiable information (PII) were caused by internal intrusions -- while a further 29 per cent were caused either accidentally or maliciously by employees. Richard Pharro, CEO of APM Group, gives his opinions on the issue.

  • 9 years ago Posted in

“These results confirm the very real world of cyber and data security,” Pharro said. “All too many businesses imagine threats to their data emanate solely out of the criminal underworld, and are therefore beyond their reach or control. The impact of this is a defeatist attitude: If would-be hackers are bent on accessing my company’s data, what can I really do to stop them? Those threats do of course exist, and indeed are growing, but the most prominent and pertinent threats to businesses’ data relate to human error and data hygiene.”

Pharro continued: “CEOs must now become fluent in the language of cyber security and advance the way in which their companies deal with threats. Security officers should be monitoring their internal workings more proactively and reacting to attacks in a much more dynamic manner. It must be remembered by all that a successful security framework will protect from the inside out and outside in, along the lines of the perimeter, collecting information and contextualising it to provide actionable intelligence.

“Assessing internal capabilities and competencies in all respects is a much more effective way of dealing with the new style of threat and this can be done on an almost routine basis using capability assessment tools. Organisations have at their disposal dynamic tools, which can empower companies with a tailored, on-going assessment of their current cyber security ability to highlight ‘at risk’ areas. This then provides a detailed roadmap on how best to mitigate these factors,” he continued.

“The culture of social media and the lax attitude to privacy that goes with it is a trait that is contrary to business protocol regarding the disclosure of commercially sensitive information. Employees now have the platform to disclose this to potentially large amounts of Twitter and Facebook users but these sites are also significant targets for cyber criminals.

“A rigorous policy backed up with regular training must be the solution. Companies should also be mindful that analysis of these social conversations can create security intelligence which in the longer term can feed into processes and enhance security levels within the company”, Pharro added.

“Data security is now clearly a board room issue which must be front of mind for those at all levels within the company. As a baseline solution, passwords should be kept updated and sensitive files should always be encrypted. Regular training on phishing and malware can form an integral part of the preventions process. Clear visibility puts companies in the strongest possible position so capability and assessment tools can provide much needed direction in this area.

Pharro concluded, “Cyber security is now an essential part of our interconnected business world and requires the full attention of senior management as pressures increase and mobile integration advances.”

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.