Bring Your Own Device (BYOD), the growth of cloud networks and IT consumerisation have all made maintaining network security more complex.
As your network grows so does its perimeter, and with ever more data shifting to and from the cloud, additional points of vulnerability are exposed. All data and assets must be secure all of the time, whether in or out of the Cloud.
The UK Government Cyber Security Breaches Survey of 2018 revealed that more than four in ten businesses experienced a cyber security breach or attack in the previous 12 months. But fewer than three in ten have a formal cyber security policy in place.
Breaches were more often identified among organisations holding personal data, utilising the Cloud, and where staff used their own devices.
Since 56% of businesses and 44% of charities hold personal data, and 45% of businesses and 65% of charities have BYOD, the risk is considerable.
The survey also estimated that six in ten businesses use the Cloud – nearly seven in ten for medium-sized businesses. This figure, and the potential security threat it poses, is also rising.
In the qualitative survey, organisations acknowledged that BYOD made cyber security more difficult to manage, because there was less technical control that could be imposed on personal devices.
Yet only 19% of businesses where BYOD was present had a security policy covering the use of personally owned devices for business activities.
Three-quarters of businesses (74%) now say that cyber security is a high priority for their organisation’s senior management.
However, just 30% of businesses have a board member with responsibility for cyber security, and 20% admitted to never updating their senior managers on cyber security issues.
The survey also noted that spending on cyber security tends to lose out when competing against other priorities, despite its business criticality.
Preferring to spend money on marketing rather than security (as one business confessed it did) may seem like a route to growth.
But as the survey pointed out, cyber security investment is a vital part of keeping key services running, finances secure, data safe and reputations intact. Without it, there may be no business to grow.
The requirement for organisations to have robust safeguards against cyber attacks and data breaches has also increasingly become a regulatory issue.
The UK’s implementation of the European Commission’s Network and Information Systems (NIS) Directive imposes fines of up to £17m on leaders of Britain’s most critical industries if they leave themselves vulnerable to cyber attacks.
The Networks and Information Systems (NIS) Directive was the first piece of EU-wide cyber security legislation.
It aims to raise levels of overall security and resilience of network and information systems across the EU.
Such systems and the essential services they support play a vital role in society, from ensuring the supply of electricity and water, to the provision of healthcare and passenger and freight transport.
Their reliability and security are essential to everyday activities. The directive's implementation was seen as an opportunity to put mechanisms in place that drive real improvements to national cyber security.
The deadline for member states to transpose the directive into domestic legislation was 9 May 2018.
Also in 2018, the EU-wide General Data Protection Regulation finally came into effect after a two-year preparation period for organisations to ready themselves.
The highest level of fines for infringements reaches €20 million, or 4% of worldwide annual revenue, whichever is higher.
(Observers have noted that after a relatively quiet first year for GDPR, the coming months may see a flurry of high-level fines from cases that the authorities have been slowly building.)