With around 4.5 million cybercrimes being inflicted on companies in England and Wales in 2018, the threat would seem to be growing by the day. What is the right approach to take if you want to minimise the risks? Instead of being reactive, do you need to be more holistic?
For a senior IT or business executive, being hit by a ransomware attack, virus infection, or a serious theft of data is one of their worst nightmares. The consequences of such an incident – in terms of lost time, sheer cost and the impact on the organisation’s reputation – are always going to be very substantial indeed.
Unfortunately, the chances of it happening are increasing. The threat of cybercrime is growing all the time. New techniques and more sophisticated technology are constantly being developed. Cybercriminals are now much more organised and the availability of ransomware and malware kits on the so-called ‘dark web’ has opened up the prospect of becoming a hacker or cybercriminal to almost anyone with a little technical knowledge.
According to the UK Office for National Statistics’ (ONS) most recent Crime Survey, around 4.5 million cybercrimes were inflicted on companies in England and Wales in 2018. That figure is certain to increase, so the likelihood of being attacked is growing all the time.
This is making security even more important to organisations of all sizes, and while no-one would admit to being complacent about digital security, there are probably many CIOs and IT managers who know that a review of the approach to security is long overdue.
It’s not only because of the growing scale of the threat in terms of probability – it’s also because the nature of threats has changed. Hackers are finding new ways to circumvent what might be considered to be the conventional approach that has been taken to digital security over the last few years.
That has seen organisations taking a largely reactive approach to security. When a new system or app was deployed, they would put in place what they believed at the time to be appropriate measures. As organisations have embraced new concepts and technologies – increased mobility, cloud services, Big Data, IoT, AI and analytics, for example – they have added specific security solutions designed to safeguard that deployment or close off any vulnerabilities it might bring.
The net effect of all this is increased complexity and therein lies the danger. With more access points and with all kinds of devices connecting to the network, there are more opportunities for hackers to exploit.
At the same time, the cybercriminals have got smarter. As well as launching organised, systematic proliferations of malware and ransomware, they are devising more sophisticated ways to find and exploit weaknesses in digital defences – and it’s not always the technology that they target. They will seek out gaps or lapses in business processes and the behaviour of employees that could potentially expose the network to infiltration.
For these reasons, it makes sense for organisations to review not only the security systems that they have deployed at the present time, but also their whole approach to network security. In our view, that now needs to be a much more holistic one that considers every aspect of digital security and sets out a strategy that will ensure the organisation can continue to embrace new technologies and innovations, whilst also protecting its digital systems and data.