New guidelines from GOV UK urge business to toughen up Cyber protection – Yubico comments
January 2024 by Niall McConachie, regional director (UK & Ireland) at Yubico
Yesterday (23rd January), the UK government published its new cyber governance code for businesses, which aims to help directors and business leaders boost their cyber resilience. It is set to empower organisations to reduce risks associated with business software, such as phishing attacks, and so protect the organisations themselves, their staff and their customers.
The new guidelines will also encourage organisations to equip employees with adequate skills and awareness of cyber issues so they can work alongside new technologies with confidence.
Niall McConachie, regional director (UK & Ireland) at Yubico, comments on how improving business-wide security has become a strategic imperative:
“The new government guidelines highlight the strategic importance of cyber resilience within businesses. With cyberattacks like phishing not only on the rise, but also more sophisticated, it is essential for those in management and executive positions to prioritise, implement, and enforce modern cybersecurity initiatives. Failure to do so may put them at risk of data breaches that lead to both reputational and financial damage.
“While the guidance comes in light of rising cyberattacks amongst organisations, it fails to mention the prevalence of phishing as one of the most common forms of attack. According to a recent Yubico survey, many UK respondents have fallen victim to a phishing attack within a 12-month period; the research found 16 percent of respondents received an email asking for their organisation’s information to verify account credentials, and 13 percent received an email from a familiar company asking for their organisation’s data.
“Despite the frequency of phishing attacks, currently, only 24 percent of business owners and less than half (43 percent) of directors frequently discuss the importance of cybersecurity and how to best protect their employees. So it’s promising to see that, along with the new guidelines, the UK government is working to provide cyber security training for professionals. Cyber security awareness should no longer be reserved for the IT team – it is essential training for all employees and should be at the top of mind for everyone, especially executives who make decisions about day-to-day company operations.
“With technology constantly evolving and bad actors adapting their techniques, senior staff must regularly discuss modern cyber threats and prevention methods and move towards implementing robust cybersecurity practices and solutions that make their business resistant to phishing attacks. As most individuals and businesses are expected to encounter an increased amount of phishing attacks in 2024, phishing-resistant MFA tools like physical security keys will become critical, if not mandatory, within the near future.”