Are you looking to enhance your business's information security against current cyber threats?
Scott Naisbett (CIS LI) is our Certified Information Security Consultant and Lead Implementer. He is registered with the GASQ registration for experts and also holds an IBITGQ (International Board for IT Governance Qualification).
Scott has experience working with small, medium and large organisations alike, leading their information security projects while achieving and exceeding their business objectives through simple and effective management systems that provide results.
Five reasons cyber security is more important than ever
We specialise in SMEs and find solutions for any budget!
A whopping 98% of UK businesses now operate online in one way or another, with even the smallest of firms benefiting hugely from the use of websites, social media, staff email addresses, online banking and the ability for customers to shop online.
However, the latest Government statistics show over four in ten (43%) of all businesses and charities experienced a cyber breach or attack in the past year. This included computer viruses, hacking, theft of data and theft of financial information.
Breaches were identified most often in businesses holding personal data and those where staff use personal devices for work.
Download your Free Gap Analysis Tool
This tool enables you to identify the controls that you need to put in place in order to meet the requirements of the Cyber Essentials scheme, and monitors your progress towards compliance.
1. The rising cost of breaches
The fact is that cyberattacks can be extremely expensive for businesses to endure. Recent statistics have suggested that the average cost of a data breach at a larger firm is £20,000.
But this actually underestimates the real expense of an attack against a company. It is not just the financial damage suffered by the business or the cost of remediation; a data breach can also inflict untold reputational damage.
Suffering a cyberattack can cause customers to lose trust in a business and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new contracts.
2. Increasingly sophisticated hackers
Almost every business has a website and externally exposed systems that could provide criminals with entry points into internal networks. Hackers have a lot to gain from successful data breaches, and there are countless examples of well-funded and coordinated cyber-attacks against some of the largest companies in the UK.
Ironically, even Deloitte, the globe’s largest cybersecurity consultant, was itself rocked by an attack in October last year.
With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and implement controls that help them to detect and respond to malicious activity before it causes damage and disruption.
3. Widely available hacking tools
While well-funded and highly skilled hackers pose a significant risk to your business, the wide availability of hacking tools and programmes on the internet means there is also a growing threat from less skilled individuals.
The commercialisation of cybercrime has made it easy for anyone to obtain the resources they need to launch damaging attacks, such as ransomware and cryptomining.
4. A proliferation of IoT devices
More smart devices than ever are connected to the internet. These are known as Internet of Things, or IoT, devices and are increasingly common in homes and offices.
On the surface, these devices can simplify and speed up tasks, as well as offer greater levels of control and accessibility. Their proliferation, however, presents a problem.
If not managed properly, each IoT device that is connected to the internet could provide cyber criminals with a way into a business. IT services giant Cisco estimates there will be 27.1 billion connected devices globally by 2021 – so this problem will only worsen with time.
With use of IoT devices potentially introducing a wide range of security weaknesses, it is wise to conduct regular vulnerability assessments to help identify and address risks presented by these assets.
5. Tighter regulations
It is not just criminal attacks that mean businesses need to be more invested in cyber security than ever before. The introduction of regulations such as the GDPR means that organisations need to take security more seriously than ever, or face heavy fines.
The GDPR has been introduced by the EU to force organisations into taking better care of the personal data they hold. Among the requirements of the GDPR is the need for organisations to implement appropriate technical and organisational measures to protect personal data, regularly review controls, and detect, investigate and report breaches.
WE CAN HELP YOU GET CYBER READY
Two Options to get Cyber Ready
What is Cyber Essentials?
The Government worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls to help organisations protect themselves against common online security threats.
The full scheme, launched on 5 June 2014, enables organisations to gain one of two Cyber Essentials badges. It is backed by industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses.
Cyber Essentials is suitable for all organisations, of any size, in any sector.
From 1 October 2014, Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.
What is an Information Security Management System (ISMS)?
ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an ISMS.
Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and provides an independent, expert verification that information security is managed in line with international best practice and business objectives.
ISO 27001 is supported by its code of practice for information security management, ISO/IEC 27002:2013.
An ISMS is a system of processes, documents, technology and people that helps to manage, monitor, audit and improve your organisation’s information security.
It helps you manage all your security practices in one place, including legal and regulatory compliance, consistently and cost-effectively.
At the heart of an ISO 27001-compliant ISMS are business-driven risk assessments, which means you will be able to identify and treat security threats according to your organisation’s risk appetite and tolerance.