DCMS Cyber Security Report - Industry Commentary
April 2017 by Experts
Following the Department for Culture, Media & Sport issuing its 2017 Cyber Security Breach Survey findings, please find below views from cybersecurity experts David Kennerley and John Madelin.
John Madelin, CEO at Reliance acsn:
Ahead of GDPR coming into force next year, the DCMS report has some interesting findings, especially with regard to reporting data breaches externally. Under GDPR, businesses will have to notify authorities of a data breach within 72 hours and without undue delay. With almost half of UK businesses suffering a cyberattack in the past 12 months, and larger firms suffering them on a monthly or daily basis, it’s clear that businesses still are struggling with getting basic security right. As businesses become more and more digitised, it’s crucial that organisations understand what their critical assets are, where they are stored and who has access to them. Once businesses get to grips with these basics, implementing a comprehensive security plan becomes far easier and can serve to mitigate the costly impact of data breaches.
David Kennerley, Director of Threat Research at Webroot:
Cyber-security is without a doubt one of the biggest issues facing organisations today and this morning’s report unfortunately highlights the need for further awareness and vigilance when it comes to security breaches. Following a mammoth year of high-profile attacks on organisations across all sectors it is clear that all businesses and their employees need to understand the importance of working together to prevent cyberattacks. After all, cybercriminals only need to find one hole in the defence, whereas security professionals have to secure all. This shines a spotlight on the need for strong and continuous communication between organisations and their employees.
Part of the problem is a lack of user education, which is vital in order to tackle the four most common types of breaches as identified in today’s report. Educating employees on the risks associated with cybercrime, with regular training and testing, is essential to ensure robust security and should never be underestimated. This time next year we’ll be preparing to implement the EU GDPR, which will mean organisations must adopt a zero tolerance attitude when dealing with sensitive customer data, or face hefty financial and reputational repercussions. Businesses need to understand the benefits of using a combination of technology and to ensure businesses are fully protected and prepare for if and when the worst does happen.