The End of the “It’ll Never Happen to Me” Mentality


Stephen Morrow

Principal Security Consultant at SQS


17.05.2017 07:00 am

Take security seriously

The end is nigh. More and more data breaches are happening each day and more information is being stolen than ever before. Attack vectors such as distributed denial of service (DDoS) and ransomware are on the rise. The former took out half of the Internet last October, when global DNS provider Dyn was hit by a huge DDoS attack[1].

Now is not the time to bury our collective heads in the sand, although that has been the defensive tactic of many thus far. UK businesses need to sit up and start taking the requirements for information security seriously. It simply can’t be ignored any more. This awareness must be a three-pronged attack by the media, the industry and the Government.

Larger fines

There are plenty of stark warnings in the media; however, the C-suite has until now often been reluctant to take them seriously. Coming into force on 25th May 2018, the General Data Protection Regulation (GDPR) could be the regulation that makes them sit up and take notice. The regulation, backed by the European Parliament, the European Council and the European Commission, intends to strengthen and unify data protection for individuals within the European Union (which for the immediate future, at least, we remain part of).

The fines for those companies in breach of the regulations will rise, going up to 20 million Euro or 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. This rise has quite rightly put GDPR on the agenda of even the most technophobic CEO.

A security DNA

Security must run through the very DNA of any organisation wanting to compete in these digital times. Yet, most manufacturers – particularly those from a hardware background – are trying to incorporate more and more complex technology on top of already insecure legacy systems. Information security can no longer be an afterthought but rather should be built into the software development life cycle (SDLC).

It is also imperative to implement the correct security architecture and keep it up-to-date. Technologies such as social networks and the Internet of Things (IoT) have changed the business landscape beyond recognition in the past decade and there is no reason to believe this pace of change will suddenly come to a stop. Put simply, the pace of technological change and the complexity that comes with it is the greatest enemy of security today. We always have to play catch up with the bad guys as they find new ways to infiltrate and now is not the time for complacency.

The need for cyber breach drills

Most offices hold regular fire drills, and businesses need to treat cyber breaches in the same way. Simulations need to be run to ensure that everyone within the business, from the board to the proverbial shop floor, understands what they need to do to mitigate the impact of a breach.

Cybersecurity should be everybody’s responsibility, not just the C-suite’s. One of the best tactics is to have a number of security advocates within the organisation, to ensure it is up-to-date on emerging cybersecurity trends and that education runs throughout the business. It is, though, also important that someone is ultimately held responsible for cybersecurity.

No-one wants to be next

As we have seen over the last 12 months, all industries are vulnerable to cybersecurity breaches. The negative headlines suffered by the likes of TalkTalk mean nobody wants to be the next unwitting CEO to be attacked.

In this day and age, the repercussions of a breach are far-reaching, whether they take the form of direct losses such as theft, indirect losses such as brand impact, or productivity losses such as critical system outage. A cyber breach can bring a business to its knees, to the point of no return.

In the firing line

Now is not the time to take chances. The threat of a breach is still not being taken seriously enough by many and there needs to be an end to the “it will never happen to me” mentality. In our experience, there’s not enough money being invested in the right places, especially by those responsible for the protection of personal information and valuable intellectual property, e.g. the healthcare, finance and defence sectors. With ever more stringent regulations – such as the aforementioned GDPR – senior teams need to take responsibility and know they themselves are in the firing line if a breach occurs.

Only by integrating security experts throughout the SDLC and wider supply chain can we address the growing scourge of cyber breaches. The use of quality specialists can help to plug any potential loopholes from the beginning, limiting security and privacy risks from the outset.

 
