Doing nothing is not an option and business owners need to ensure that they take positive steps to manage these risks and make their organisations cyber resilient.
The internet has undoubtedly revolutionised our lives at a speed and scale that was unimaginable when the web was first made publicly available only 25 years ago, on 6th August 1991. Today digital technology is fundamental in delivering the business innovation, collaboration, productivity, competitiveness and customer engagement that is driving the booming digital economy. At the same time, it is producing a new digitally aware generation that are dependent on “apps” that can become worldwide phenomenon overnight, taking gamers out of their darkened rooms and on to the streets as they compete to capture, train and battle Pokémon characters on their mobile phones!
However, there are more serious games being played out online. The benefits of the internet also bring significant risks as cyber criminals, hacker groups and potentially hostile nation states have been quick to utilise these same benefits to develop malicious capabilities for their own nefarious ends. This focus, driven by the potential for massive financial gains has led to the involvement of organised crime and the establishment of sophisticated underground marketplaces and supply chains where tools, expertise and data can be traded. The result is that the criminals are often able to outpace the government’s responses to cybercrime.
The threats are many and varied and include: vulnerabilities in software and hardware that could be exploited by criminals; the tsunami of personal and business information shared too easily and frequently on social media that enables criminals to target us and our organisations; the ability of criminal groups to target millions of potential victims in one day through malicious emails, and the risks of insiders, whether that’s a disgruntled employee or a targeted infiltration of your company.
The reality is that every business connected to the internet can expect to fall victim to cyber-crime at some point. The challenge is that senior executives and business owners are all too often unaware of the scale of the issue. Despite increased media coverage of high-profile breaches, many NI business executives still believe their organisation will not be a target and often do not fully understand the value of their data and the true business impacts of a cybersecurity incident.
We have seen that Pokémon Go gamers have been singularly adept at focusing on their game whilst failing to recognise the risks from their physical surroundings which has resulted in them being mugged, walking in front of traffic or worse. The US State Department recently warned players visiting Cambodia to look out for unexploded mines after a recent spike in landmine deaths! Businesses are in danger of focusing on their normal business risks whilst ignoring the online threats they face.
Directors need to take active steps to manage the cyber threats to their organisations.
- Understand what information they hold and what would be the consequences if this information was stolen or lost or was not available when required.
- Make sure that they have security controls in place that meet at least the minimum cyber security standards, but remembering that the threats are constantly evolving and that this requires ongoing activity to keep their business safe.
- Use and embrace new technology and cloud services from a position of knowledge, making sure that they understand and manage the associated risks.
- Ensure their organisation has the correct certifications in place to demonstrate its cyber-resilience capability to its supply-chain partners, regulators and in tender responses.
- Make plans on how to manage a security incident before it happens.
- Test security controls and plans regularly.
The UK Government is making significant investments to help businesses tackle these issues and there are good guidance resources available online that can help senior executives to understand this subject better and enable them to make conscious risk management decisions to protect their business. These guides include “10 Steps to Cybersecurity” and the Cyber Essentials scheme.
Government and law enforcement, despite their increased efforts, cannot address these challenges alone. Businesses in NI can make a valuable contribution in tackling these issues and are urged to collaborate more with the law enforcement agencies through schemes such as the Cybersecurity Information Sharing Partnership (CISP) to help collectively tackle cyber-attacks.
Together with a co-ordinated approach, businesses and government in NI can make NI one of safest places to do business online.