0870 1999 500
[email protected]
Support
Facebook UK
Twitter UK
Google+ UK
LinkedIn UK

Location:

flag US flag Rest of World
flag UK
Smoothwall - Web Filtering & Internet Security Provider for Education, Government, Healthcare, Public Sector and Business
  • Solutions
    • SWG
    • UTM
    • Visigo
  • Markets
    • Education
      • State Secondary
      • Independents
      • Multi Academy Trusts
      • Further Education
    • Government
    • Healthcare
    • Third Sector
    • Business
  • Technology
    • Appliances
    • Content Aware
    • Features Overview
    • Product Updates
  • Resources
    • About
    • Blog
    • Careers
      • Tech Inclusion Programme
    • Customer Stories
    • Events
    • SAFE
      • Online Safety Zone
      • SAFE Masterclass Roadshow
    • The Digital Curriculum Report
    • Digital Transformation Whitepaper
  • Partners
    • Become a Partner
    • Find a Partner
    • Partner Portal
  • Support
  • Contact

2016 cyber threatscape: How to raise awareness with the Board

5th August 2016Claire SteadCorporate, Education, News, Public Sector, SecurityNo comments

Cyber threats are no longer a niche affair only thought of by the IT department. Mainstream media publishes daily news of cyber attacks, data breaches, ransomware, and more, making it a growing concern of the general public.

The persistent threat of sharing your information with an organisation at the risk that it could be hacked, stolen and sold, makes the trust consumers put in organisations weaken. The scaremongering can make it difficult for IT leaders to know where to allocate their focus, with budgets being stretched so thin that it’s often too difficult to protect against every cyber threat. And that’s the biggest difficulty to overcome; that it’s just a threat.

The Oxford English Dictionary describe a threat as “the possibility of trouble, danger, or ruin”. But that clearly outlines the issue, that there is only a possibility of something happening. No wonder it’s difficult to get buy in from the Board to invest in advanced security measures based just on the ‘possibility’ of an attack.

Board members like hard facts, and numbers. The Sales Director spends his life wondering about the possibility of whether targets will be met, but puts his neck on the line to commit to a number nonetheless. This poses the question: Should the CIO be put in a similar position, forced to commit to the likelihood of one out of a number of threats and just put the wheels in motion to protect against that one threat, because that’s what they decided to commit to?

It’s a minefield out there, and I can see why so many reports say that CIO’s are underprepared for cyber attacks.   The truth is, the Board need to weigh up the impact of the threats, and if they can really afford not to be protected. If sales targets aren’t met – the worst that can happen is probably a few layoffs. If a cyber attack sweeps your network, the reputational damage of data loss or financial damage of ransomware could literally wipe out your existence over night, and all that’s left is another news story about an organisation that was underprepared for the modern cyber attack.
Cyber threatscape blog

So how should organisations prepare themselves for the ever-advancing threatscape?

Acceptance is key. Every business, establishment, school and hospital should acknowledge that they are at risk. It’s very common to expect that in general it is large corporations who are at risk, because they are the ones with the big pots of money. However the media tell a different story and also identifies schools, universities and hospitals being at risk. The reason these kind of institutions are desirable to cybercriminals is because for public sector organisations, their reputational damage is much higher and they often hold substantially more confidential details about their customers. The need to get back to business as usual as soon as possible often sees these kind of establishments paying out on ransomware attacks, just for the purpose of business continuity.

SME’s are also at risk because they are often have less budget to protect themselves, however they act as a perfect gateway into much larger victims (you can read more about this in our post from May: The true cost of cybercrime and why SME’s are a target). In 2016, there isn’t an organisation that could claim they are truly exempt from the risk of a cyber threat, but those with strong security measures in place to protect themselves are certainly most likely to sleep easy at night.

To make sure there is acknowledgement at Board level of the need to invest in such protection, it is the job of the CIO to calculate the true impact and risk of each cyber threat. For example, what is the true impact of losing data? How many customers could this affect, and how many could we lose? What is the financial impact of this, and how much new business will we lose because of the reputational damage? How much will it cost to repair this?

As you can see, the CIO alone would not be able to answer these questions, and would need the input from Sales, Marketing and Finance, at the very minimum, to draw these conclusions. Once this exercise is complete, having recognition from other departments on the true cost of the threat makes it much easier to get Board level sign off for investment in protection.

Claire Stead
Head of Marketing
Previous post O2 suffers data breach with customers details sold on dark web. Next post The importance of identifying your organisation’s ‘crown jewels’ and putting security measures in place

Related Articles

eSafe

Cyber attacks on the rise within Education

5th April 2016Adele Bannister

The true cost of cybercrime and why SME’s are a target

26th May 2016Claire Stead
Smoothwall Infosecurity

Smoothwall attend Infosecurity Europe 2016

15th June 2016Adele Bannister

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Smoothwall - Web Filtering & Internet Security Solutions

Real-time, content aware web filtering technologies combined with next generation firewall give you The Web You Want. Developed in the UK.

Company Headquarters
Smoothwall Ltd
Avalon House
1 Savannah Way
Leeds Valley Park
LS10 1AB
UK

Solutions & Markets

Web Filtering (SWG)
Firewall (UTM)
Monitoring

Education
Government
Healthcare
Third Sector
Business

Resources

White Papers & Case Studies
Product Updates
Blog
Support
UserVoice
Certified Training
Partners
PartnerNet

Company

Contact
Careers
About
Events
Legal
Cookie Policy

© 2016 Smoothwall - The Web You Want
You are on the UK version of the site. Is this correct? Switch to US