The recent ransomware attack on Travelex is a salutary reminder of the constant security threat we all face. While we don’t know whether or not a ransom was paid in this case, it’s widely understood that some organisations have been willing to pay several times to have their data restored.
Although digitalisation brings many benefits, it has a major downside – increased organisational risk. Enabling users to access a corporate network from any location and device creates a significantly increased attack surface which those with malicious intent can target, and enables them to use a much greater range of threat vectors.
With new cyber threats constantly emerging, we’re often asked for advice on how to stay one step ahead of the hackers and cyber criminals. A good first step is to review your organisation’s cyber security against five key controls set out in the National Cyber Security Centre’s Cyber Essentials scheme (see our recent blog), and it’s also vital to ensure that everyone in your organisation is prepared in case the worst happens.
If you were looking for help to improve your business’s cyber security, a good place to start would be the UK’s National Cyber Security Centre, part of GCHQ, whose role is to keep the country secure against cyber attacks. So when they provide free advice, you’d expect most businesses to be rushing to implement it. However, you’d be wrong. The NCSC has developed a security tool to help organisations protect themselves against the most common cyber threats, but although it’s been available for almost five years, fewer than ten per cent of UK businesses have implemented it.
You want to innovate: to transform your organisation with new services and help achieve the top line. Security and compliance can seem like endless red tape and bureaucracy that simply get in the way.
In the last few days, there’s been a lot of discussion of a security flaw (Meltdown and Spectre) affecting the x86 CPU architecture and more specifically Intel CPUs. It was discovered by Google some time ago and was not scheduled to be made public just yet. However, growing information and leaks online led to Google releasing it early. This forced Microsoft to release the hotfix for Windows, and the Microsoft Azure planned VM maintenance scheduled for 10th January has been brought forward to happen almost immediately.
With GDPR only seven months away now, one aspect of compliance we all need to consider is how to secure personally identifiable information (PII) on laptops and other mobile devices. This data is harder to control and at greater risk of being compromised because it’s not behind the company firewall.