Are You Fully Prepared for a Cyber-Attack?A Business Reporter Debate with Ian Bancroft, Vice President and General Manager, EMEA, SecureWorks
You would be forgiven for feeling a little unsure. After all, in the current cyber climate, it’s not possible to guarantee 100% that you won’t be breached. We’ve seen hacks go undetected for 314 days so it’s important to know plans are in place to prevent an attack, as well as an incident response plan once a breach occurs. But how to do that, and how to plan for the myriad of changing and upcoming regulations?
Digitalisation and preparedness
Advances in technology and digitalisation of our everyday lives have led to huge changes in the way we live and work. This leads to benefits but also creates a level of responsibility for cyber security readiness for each of us as individuals as well as for organisations.
Being prepared is about more than simply installing a firewall and hoping the organisation is now safe. It's about ensuring people have access to only the documents they need and that they're trained to avoid obvious hacker attempts to gain access.
It's also about having the right technology in place to provide the baseline for a solid security posture The last element which is vitally important is around processes: what are the day to day processes for a secure organisation, and, do people know what to do if they discover a breach?
Regulation and compliance
One of the key processes is to ensure compliance with the various rules and regulations which govern data management, and therefore the security of information. The General Data Protection Regulation (GDPR) is one of the upcoming regulations which organisations need to prepare for.
While it's not a cyber security focused set of rules, it's about securing EU citizen data and therefore is important for board members and security professionals alike to understand and be prepared. GDPR comes into effect in May 2018 so there's less than a year until all companies who interact with data in any way (for example storing credit card information and addresses) will need to be compliant. If an organisation is breached, they will need to declare it within 72 hours.
The penalties for either non-compliance or breaching the rules can be as steep as €20 million or 4% of revenue – whichever is greater. This is a strong incentive to ensure data security and compliance. While it could seem like a burden, prioritising compliance will enhance security posture and also be a business enabler for organisations as external customers and suppliers develop greater trust in that company.
The important human element
Artificial Intelligence helps us deal with the problem of cyber readiness on a much larger scale. However we still need the human intelligence element to help spot anomalies and create effective responses to cyber incidents in order to protect data.
Hackers are human beings and people will always try to find a way to work around a problem. They are always trying to develop new techniques to compromise organisations. We are all targets, and we can't define where attacks are coming from or what they will look like.
However, many hacks are opportunistic in nature. The benefit of this is that there are simple ways to minimise your exposure as an individual and organisation. This comes down to having the right tools, people and processes in place to support cybersecurity.