Cyber Security: Bridging the gap between awareness and action
24 March 2017
In today’s world of digital dependence, organisations and their employees are faced with the challenge of keeping up with ever-emerging technologies whilst ensuring their business is secure. The topic of cyber security is well-documented and organisations are aware of its importance – but are they really taking all of the necessary steps to ensure they are protected against cyber threats?
As businesses continue on the journey of digital transformation and embrace new technologies such as cloud and the Internet of Things (IoT), they need to ensure that all of their critical data, whether on-premises or in the cloud, is completely secure and protected. Security in any form, however, is never complete. Currently, botnet attacks utilising poorly secured IoT devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances are so prevalent that the U.S. Federal Trade Commission (FTC) is offering a cash prize of up to $25,000 for the best technical solution to the issue.
The UK Government’s 2016 Survey on Cyber Security Breaches shows that although most businesses now recognise the importance of cyber security, few of them have actually taken any action to make improvements. The National Cyber Security Strategy also states that with our increasing reliance on digital technologies, we are becoming more vulnerable to criminals who seek to exploit that reliance for malicious purposes.
In addition, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation which will require action by the majority of UK organisations. The primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This will have huge implications for organisations struggling to meet and exceed regulatory requirements.
In this environment, what actions do organisations need to take to ensure the security of data and compliance, and what are the consequences of inaction?
The GDPR will come into force in 2018. Its regulations will cover all companies (large or small) that experience a data breach and will potentially impose significant fines on organisations which don’t meet the regulatory requirements. In the past, organisations such as TalkTalk have been fined (£400,000), and Tesco Bank had 9,000 customer current accounts accessed and potentially £2.5m stolen. If they had been liable to face the fines which GDPR can potentially impose (up to €20m or 4% of global turnover), then the outcomes for both businesses would have been much more significant than they were.
The potential consequences of inaction now may be severe if a breach were to occur after 2018. Organisations should be planning for the regulations now and ensuring that the entire business has an awareness and understanding of the new obligations, as well as demonstrating compliance with the core principles of GDPR.
IFB has a range of services starting from simple best practice data security advice – if you would like to find out more, feel free to get in touch with us on 0845 270 2101 or email@example.com.