Business leaders’ awareness of the threat to their data posed by cybercriminals is generally good. But this doesn’t always translate into full protection of systems and information.
In a survey of SMEs carried out by QMS, 48.6% of respondents reported that their business was ‘very aware’ of cyber-security threats, while 42.9% said that they were ‘quite aware’.
However, as per a March 2021 survey by the UK government, four in ten businesses (39%) and a quarter of charities (26%) reported suffering a cyber-security breach or attack in the last 12 months. The figures are higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).
This suggests that organisations are still coming up short on data security. Further action is required, as data breaches are capable of doing severe reputational damage – 44% of UK consumers claim they will stop spending with a business after a security breach.
So, where might organisations be making security missteps that leave them vulnerable to potential attacks?
1) Not recognising the ever-changing threat
The threat posed by cybercriminals is not static – it is changing all the time, in line with both the external environment and your internal IT infrastructure.
Perhaps the best example of the ever-changing threat is the COVID-19 pandemic. National lockdowns meant businesses had to adapt, with many sending their employees home. With an increased reliance on cloud platforms, VPNs, video conferencing platforms and personal devices, businesses have undoubtedly begun to face greater risks in terms of cybersecurity.
This should have seen organisations level up their cyber-security measures; however, the speed at which they had to adapt to lockdown made this difficult.
The UK government’s survey shows that fewer businesses are now deploying security monitoring tools (35% vs. 40% last year), or carrying out any form of user monitoring (32% vs. 38%).
This wouldn’t have been deliberate neglect, which is why having an IT partner who can raise awareness of changing threat levels and suggest an action plan can prove invaluable.
2) Investing in the wrong cybersecurity solutions
In its ‘State of Cybersecurity Report 2020’, Accenture identified ‘serious gaps in protection, very low detection rates, much longer business impact and customer data being exposed’.
The research shows that it’s not a case of organisations failing to invest in cybersecurity, but that security investments are failing, with security teams discovering little more than half (54%) of cyber-security breaches.
Every organisation is different in terms of the make-up of IT infrastructure and cyber-threat level. It’s crucial, then, that a thorough security assessment/audit is carried out before any cyber-security solution is proposed and taken forward.
Then, once the best solution is found, organisations need to ensure their security team – whether internal or external – is proactive in hunting, identifying and responding to threats.
3) Lack of security training
On average, 41% of employees across all sectors have not been provided with adequate cybersecurity training, research suggests.
There is a big disparity from sector to sector – for example, just 16% of employees in the legal services sector say they’ve not had adequate training, compared to 86% in travel and hospitality.
You might say that’s fair enough given the sensitivity of the data involved, but no organisation is immune from the threat of a breach. In 2020, EasyJet revealed that a “highly sophisticated cyber-attack” had impacted around nine million of its customers. This could end up costing the company £18 billion.
Employees need training on everything from how to protect their personal devices to the latest phishing scams, to minimise the risk of a costly breach.
Where can Nebula help?
We can help you overcome all three of the common pitfalls outlined above. Our Microsoft-based Frontier cybersecurity solution offers you intelligent security analytics and threat intelligence across your organisation. Nebula has the expertise to get the best from the Microsoft products and make them work well for individual clients – it isn’t always a one-size-fits-all solution.
We also offer IT training based on your organisation’s individual needs (we’re happy to come to you).
Or perhaps you want to obtain a National Cyber Security Centre certification, which demonstrates to all your stakeholders that you take cybersecurity seriously? We can walk you through what you need to do to get it.
We often find that the best way to start the dialogue is for you to tell us your cyber-security concerns. This way we can start devising solutions. So, get it all off your chest! Talk to us today.