- 24.11.2020 01:45 pm
- 23.11.2020 01:15 pm
- 20.11.2020 01:00 pm
- 20.11.2020 11:15 am
- 19.11.2020 08:15 pm
- 19.11.2020 08:00 pm
- 19.11.2020 10:15 am
- 19.11.2020 10:15 am
- 18.11.2020 12:15 pm
- 17.11.2020 05:00 pm
- 17.11.2020 12:45 pm
- 16.11.2020 10:15 am
A ‘cyber mythology’ has been created by the industry to sell unnecessarily expensive solutions through fear. All recent high profile cyber-attack incidents could and should have been prevented with relatively low cost solutions. It is necessary to simplify everyone’s understanding of the threat.
In the last week alone I have dealt with major clients from the Banking, energy, telecoms and retail sectors as well as many small businesses. The threats are very different but the common denominator is one of confusion of what exactly they need to do to protect themselves and their horror at what they had been quoted elsewhere to help resolve a problem they didn't understand.
The reason breaches are growing is because companies aren’t protecting themselves properly, because they are being made confused by the cyber security vendors. A ‘cyber mythology’ has been created by the industry, to sell unnecessarily expensive solutions through fear. All recent high profile cyber-attack incidents could and should have been prevented with relatively low cost solutions.
It is necessary to simplify everyone’s understanding of the threat. Whenever I give advice to clients on this subject to business or at a national level to formulate national security policies, the client emphasis is always around finding expensive technical solutions. The unfortunately more boring but more realistic (however considerably more effective and cheaper) solutions reflect a blend of technology, human education and procedural measures. And that blend depends entirely upon the type of threat a company faces.
I hope on the back of the breach Report, the new National Cyber Security Centre continues to make information easy for public and businesses to digest so they can become smart demandeurs of solutions, and works more robustly and innovatively with the Security Industry to remove some of the artificial expense for wider business to achieve certification and accreditations.
It isn’t either expensive or complicated to understand and manage these risks. But while it is still made so - the figures in these reports will continue to grow and we will be no safer.