5 tips to help you weather the cyberstorm
Russell Poole, Head of B2B Security at O2 Business, has some insider tips for businesses to protect against the risk of cyber attacks.
In the UK, two thirds of large UK businesses were hit by a cyber-breach or attack in the past year. The stark reality is that organisations today need to plan for the worst and assume that at some point they could be breached.
One of my primary questions to customers is: if you were breached tomorrow, would you know and are you prepared? The global average timeframe for the detection of a breach sits at around 146 days. That’s over 4.5 months of an attacker live and infiltrating a network without detection, which in today’s digital environment could prove disastrous.
Most organisations have invested heavily in security technology, deploying solutions across their environments. Over time, these security installations have developed more and more complexity with the average enterprise now deploying 25 different security vendor technologies. With complexity comes challenges, not only on day-to-day management but also on analysis of the vast amounts of data these systems produce.
We’ve seen the growth of the SOC (Security Operations Centre), providing the intelligence behind these data streams. But with more than 1 million security roles unrecruited globally, a cyber security skills shortage is resulting in these SOC environments being tough to initiate, costly to run and challenging to manage staff attrition.
Protect your business
The UK Government’s Cyber Security Breaches Survey found that only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.
Speaking to the security experts among O2 Business customers and across the industry, it seems now is the time to re-evaluate. While environments continue to get more complex and the attacks become more targeted, we need to take a step back and review.
Here are five things you can do now to improve your business’s cybersecurity capability:
1. Simplify and consolidate technology – By consolidating varying technologies and rationalising your installations you can save cost and ensure the information coming from your devices is easier to collate, easier to understand and easier to act on.
2. Segment your digital estate – In a world where a breach is a near certainty, dividing environments into secure sectors ensures attacks are limited in their scope.
3. Partner with cybersecurity experts – Expert hands and a Security Operations Centre which can analyse and inform is now a necessity. Partnership may help you create or enhance internal SOC capability, or it may be better to engage a partner which has dedicated their business model around providing intelligence and defences – why build yourself when you may be able to partner a potentially superior solution without the challenges?
4. Prepare and skill up your CERT (Computer Emergency Response Team) – Identification is the first hurdle, but how do you deal with the threat and remove it within business-critical timeframes? CERT strategies are essential, either through internal capability or through partnership retainers, ensuring you keep reaction times to a minimum.
5. Plan for the worst – How is an attack identified and how are the aligned business decisions escalated? How will you investigate and deal with the problem? And how will you communicate with the media and your customers? Get your plans in place and while you hope for the best, you know you’ll be ready if the worst happens.
To find out more about cyber security from O2 Business, get in touch with your Digital Advisor, or contact us