A worldwide study of the challenges companies face in protecting their businesses from increasing cyber security incidents has been published. While it shows that businesses are taking positive steps to address potential security threats in our increasingly cloud-based world, it concludes that the greatest threat remains a human one – from disgruntled employees or business partners.
The main takeaways from The Global State of Information Security® Survey 2016 by PwC, CIO magazine, and CSO are positive ones: 91% of organisations have adopted some kind of security framework; 69% use cloud-based security services to protect sensitive data; and 58% have an overall information security strategy. However, the survey also reports that 38% more security incidents were detected this year than last, and while employees remain the most cited source of compromise, incidents attributed to business partners climbed 22%.
As we move into an era where we are more mobile, and where the appliances we use both at home and at work are going to be plugged into the Internet of Things, it is important to be mindful of the threats that exist.
Info Sec policy
Top of your list should be a clearly defined Information Security Policy. This should categorise the types of data held, which people should have access to it, and where they can access it from. Also consider how your new InfoSec policy is enforced: a strong Active Directory Group Policy is always a good start.
A structured approach to encryption should be a given as part of the overall InfoSec policy. In larger businesses and public sector organisations, some corporate data will be so sensitive that it should only be accessed by certain members of staff using multi-factor authentication keys, either software- or hardware-based. The policy should explain where it is vital that data is encrypted and for which information encryption is less important.
A security access policy should also be included in the overall strategy. An end-to-end authentication system will give certain users the ability to authenticate the encryption being used and provide a further layer of data protection.
Ultimately though, it is vital that you understand the human beings who have contact with your data. By knowing your employees and the partners you do business with – understanding them and what is happening in their lives – you will be able to flag up situations where they might potentially want to do the organisation harm.
According to The Global State of Information Security study, the average cost of a cyber-security incident is £1.7 million. By combining secure internal information security policies with software tools that audit who is doing what on the network, organisations can avoid this financial pain by better understanding and detecting potential threats to their data.
As Richard Horne, PwC’s cyber security partner, puts it, “In our digitally-interconnected world, businesses cannot stand still. They need to prepare and continually test their defences – and respond to breaches – in the face of incredibly sophisticated attacks. This requires commitment and leadership from the very top of an organisation to prevent breaches, but also to detect and respond to them rapidly and in the right way when they happen.”
To find out more about how iomart can help protect your business, download our Data Protection whitepaper