Firms to be fined if they fail to protect against hackers - Commentary from Fujitsu and Smoothwall
August 2017 by Experts
Comments from Fujitsu and Smoothwall in light of the news today that the government has warned firms could face fines of up to £17m or 4% of global turnover if they fail to protect themselves from cyber-attacks.
Sarah Armstrong-Smith, Head of Continuity & Resilience at Fujitsu UK & Ireland:
“This latest warning from the DCMS demonstrates the reality we now all live in, where cyber-attacks and data breaches are always going to be a threat. The worrying reality is that security is often an afterthought and security fundamentals are still not being followed, such as changing default passwords. Hopefully the news of such fines will wake organisations up to the seriousness of the consequences from a financial standpoint, never mind a reputational one.
“In security we talk about when not if a security breach will occur, but that does not mean organisations should not be taking all the necessary precautions to limit the potential impact of a breach. In fact, the fast approaching implementation of GDPR will oblige organisations to carry out thorough preparations of their systems. Organisations should also use this as an opportunity to get all of their cyber measures in place, not just their data.
“Organisations need to focus on the integration of threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber threats. There must be a clear and well-rehearsed incident management plan for a breach, addressing internal and external communication in addition to containment and recovery activities. Now is the time for organisations to stop being hunted and instead become the hunter when it comes to cyber security. Ensuring a compliant business environment will help protect the services that we depend on as a nation.”
Rob Wilkinson, Corporate Security Specialist at Smoothwall:
“On the face of it, it could seem like an empty threat, but the government’s plans to fine firms for failing to protect themselves from cyber attacks are an important step in protecting the services that keep our country running. The companies that provide water, energy, transport and health services are the ones in the government’s line of sight; as we’ve seen with the WannaCry attacks recently on the public health service, a similar attack on our infrastructure can have seriously debilitating consequences. Cyber security is not something any company of any stripe can take lightly nowadays – you only need to look at the various dating organisations, holiday websites, telecoms companies and email services that have been attacked recently to know that anyone can be a target.
“It’s not just data exploitation that’s the issue here – companies need to ensure they are protected as fully as possible from DDoS attacks, site outages and the risk of malware. Only by shoring up their web defences that span encryption, firewalls, web filtering and ongoing threat monitoring – and offering training to staff to teach them the dangers that cyber attacks pose – can a company truly say that they have a properly layered cyber defence.
“It’s not just small businesses that are at risk here; the very fabric of our country could be unwoven with an unprecedented attack on some of our most important services.”