The End of the “It’ll Never Happen to Me” Mentality

The End of the “It’ll Never Happen to Me” Mentality

Stephen Morrow

Principle Security Consultant at SQS

Views 884

The End of the “It’ll Never Happen to Me” Mentality

17.05.2017 07:00 am

Take security seriously

The end is nigh. More and more data breaches are happening each day and more information is being stolen than ever before. Attack vectors such as distributed denial of service (DDoS) and Ransomware are on the rise. The former taking out half of the Internet last October when global DNS server Dyn got hit by a huge DDoS attack[1].

Now is not the time to bury our collective heads in the sand, although that has been the defensive tactic of many thus far. UK businesses need to sit up and start taking the requirements for information security seriously. It simply can’t be ignored any more. This awareness must be a three pronged attack by the media, the industry and the Government.

Larger fines

There are plenty of stark warnings in the media, however, the C-suite have until now often been reticent to take them seriously. Coming into force 25th May 2018, the General Data Protection Regulation (GDPR) could be the regulation that makes them sit up and take notice. The regulation, backed by the European Parliament, the European Council and the European Commission, intends to strengthen and unify data protection for individuals within the European Union (which for the immediate future, at least, we remain part of).

The fines for those companies in breach of the regulations will rise, going up to 20 million Euro or 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. This rise has quite rightly put GDPR on the agenda of even the most technophobe CEO.

A security DNA

Security must run through the very DNA of any organisation wanting to compete in these digital times. Yet, most manufacturers – particularly those from a hardware background – are trying to incorporate more and more complex technology on top of already insecure legacy systems. Information security can no longer be an afterthought but rather should be built into the software development life cycle (SDLC).

It is also imperative to implement the correct security architecture and keep it up-to-date. Technologies such as social networks and the Internet of Things (IoT) have changed the business landscape beyond recognition in the past decade and there is no reason to believe this pace of change will suddenly come to a stop. Put simply, the pace of technological change and the complexity that comes with it is the greatest enemy of security today. We always have to play catch up with the bad guys as they find new ways to infiltrate and now is not the time for complacency.

The need for cyber breach drills

Most offices hold regular fire drills and businesses need to treat cyber breaches in the same way. To ensure everyone within the business, from the board to the proverbial shop floor, understand what they need to do to mitigate the impact of a breach, simulations need to be run.

Cybersecurity should be everybody’s responsibility, not just the C-suite. One of the best tactics is to have a number of security advocates within the organisation, to ensure it is up-to-date on emerging cyber security trends and education runs throughout the business. It is, though, also important someone is ultimately held responsible for cybersecurity.

No-one wants to be next

As we have seen over the last 12 months, all industries are vulnerable to cyber security breaches. The negative headlines suffered by the likes of TalkTalk means nobody wants to be the next unwitting CEO to be attacked.

In this day and age, the repercussions of a breach are deep reaching. Whether they are in the form of direct losses such as theft, indirect losses such as brand impact, or productivity losses such as critical system outage. A cyber breach can bring a business to its knees to the point of no return.

In the firing line

Now is not the time to take chances. The threat of a breach is still not being taken seriously enough by many and there needs to be an end to the “it will never happen to me” mentality. In our experience, there’s not enough money being invested in the right places, especially by those responsible for the protection of personal information and valuable intellectual property e.g. healthcare, finance and defence sectors. With ever more stringent regulations – such as the aforementioned GDPR – senior teams need to take responsibility and know they themselves are in the firing line if a breach occurs.

Only by integrating security experts throughout the SDLC and wider supply chain can we address the growing scourge of cyber breaches. The use of quality specialists can help to plug any potential loopholes from the beginning, limiting security and privacy risks from the outset.

 

Latest blogs

N/A ReliaMax

College Dreams? Here’s How to Get Accepted

Higher education in the United States is not just about getting accepted, it is about where you get accepted. Sure, there are options, there are seemingly endless options - from community colleges to Ivy League schools and everything in between. The Read more »

Bobby Gill GCWealth

Bobby Gill: 3 Ways Fintech is Helping Small Businesses During the Pandemic

Image Source: Pixabay. Back in April, the US oil prices sank to a 20-year low. In the UK, road traffic levels hit a 70-year low. Worldwide, due to lockdown, retail, travel, and restaurant bookings have dropped by 85%. More than 430 million Read more »

Christa Ardley Bitstocks

Bitcoin and blockchain without the b******t

An industry once viewed by the general populace as a haven for criminals and online scammers, and still somewhat marred by fractious in-fighting, Bitcoin and blockchain are gradually casting off their outdated negative reputation; as the focus Read more »

Otabek Nuritdinov Safenetpay

Beyond Payments Services

    Why it really matters for small for medium-sized enterprise (SMEs) to choose the right payments services provider. Strategic planners in the financial services sector often define their business in terms of products that Read more »

Chak Kolli DXC Technology

How Can Insurers Realise the True Value of AI?

As Artificial Intelligence (AI) and digital transformation find their way into every aspect of our daily lives, we are gradually seeing changes taking place in different sectors. Progressively, AI is permeating the insurance value chain and it is Read more »

Related Blogs

James Richardson Bottomline Technologies

Payment Protection for the Modern Age

Modern cybersecurity professionals have succumbed to an arms race with criminals as corporate defence spends balloon, attempting to keep pace with ever-evolving infiltration and extraction techniques. As expenses grow, dangers continue to mount. In Read more »

Simon Viney BAE Systems Applied Intelligence

The Retro Fraudster: How to Spot the Old-school Tactics Making a Comeback

As technological innovation drives new opportunities for fraudsters, digital security counter-measures could inadvertently be encouraging a resurgence of old-school tactics. These criminals know that today’s customers are wise to some of the more Read more »

Jay Ablian Fiserv

Despite Mixed Messages from Consumers, Businesses Shouldn’t Slow Cybersecurity Efforts

Many businesses have increased their investments in cybersecurity and data protection in recent years and, in many ways, it has paid off. Consumers have seen a 25 percent decrease in debit and credit card compromises since 2017, according to a Read more »

n/a n/a

Cryptocurrency And Cybersecurity For Your Business

While there is hardly any denying that cryptocurrencies such as Bitcoin are quite important for businesses as it enhances customer convenience in terms of payments among other benefits, although, many businesses find themselves confronted with Read more »

Jorge M. Taboada buguroo

Buguroo’s Three Fraud Predictions For 2020

As banks strive to make online banking even easier and payments even faster for their customers, they also face a race against the clock to keep their security up-to-date and compliant. Here are three fraud trends we expect to see move up the Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel