Cyber security

Our Head of Information Technology, Sanjay Sood, explores how identity management is playing a crucial role in protecting firm and client data.

It is not hyperbole to say that the Covid-19 quarantine era is one of the most stressful and uncertain times in recent history.

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since innovative attacks will most certainly impact both business reputation and shareholder value.

Ransomware creates a nightmare scenario for every business it targets. It results in lost access to critical systems and data, prolonged downtime, lost productivity, and lost profits.

What we continue to see is that no one is immune. There is no real pattern to the types of organisations being attacked, however clearly the larger high-profile brands are the ones that receive the most publicity.

The world is moving on quickly. Smart devices and social media are intertwined, leaving users, homes, healthcare, financial, manufacturing and other industries vulnerable, hackable and easy targets to be taken down and/or held for ransom.

Increased cybercrime on middle market businesses as a result of digital transformation

In today’s fast-changing digitally led economy, most businesses are currently going through some form of digital transformation either to improve their offering or to streamline their operations, with many already seeing the benefits of financial investments made. The Catch-22 is that with this increased use of technology and collection of personal data, the need for protection increases. But not all businesses are actively protecting themselves against cybercrime.

Business leaders feel a lack of confidence in their ability to protect their businesses and a sense of inevitability and resignation to an attack, with many believing hackers will always outwit preventative software.

There is a gap in senior management’s engagement and prioritisation of cybersecurity that needs to be addressed, with lack of discussion around the risks at board level and ambiguity over who is responsible for cybersecurity in the organisation.

The GDPR is identified as the key driver to businesses taking the first steps in cybersecurity and the legislation is justifiably seen as a champion in this space, but there have been some unintended consequences.

Correctly, most businesses see human error as the core area of vulnerability with targeted attacks on staff via phishing, whaling and ransomware attacks being the most sensitive touchpoint, so what can be done to educate employees?

Having a culture which encourages staff to report data breaches is key to ensuring that the real scale of the threat can be determined, and so that root cause analysis can be undertaken to help prevent future attacks.

An industry shift around cyber risks, threats and breaches is needed and transparency is at its heart. Here are RSM’s top tips to help make cybersecurity a priority.

Almost half (46%) of successful attacks target under-trained employees 75% of attacks never become public knowledge despite GDPR breach notification requirements 62% believe hackers are more sophisticated than security software developers