According to a BBC report released this month, GCHQ, a UK government intelligence agency is to advise organisations to ‘create a more security conscious culture’.
This follows an earlier disclosure in June 2012 that MI5 is battling an ‘astonishing’ level of cyber attacks on UK industry. In fact, the British government estimates that UK businesses lose a staggering £21bn a year to Internet crime. Cyber criminals aren’t partisan – their targets span all sectors, and this year alone victims have included government bodies, charities, banks, engineering firms, broadcasters and academic institutions.
Interestingly, the BBC report also highlights a recent survey which suggested that ‘nearly 9 out of 10 UK businesses were very or fairly confident about their defences.’
This points to a worrying disparity between enterprises’ perceptions of the capabilities of their IT security strategies, and the reality. It also raises the question: do organisations really understand what the threats are? And if you don’t know what’s out there, how can you protect against it?
The reality is that too many organisations are woefully unprotected against cyber crime and data loss, but remain unaware of this fact until it’s too late
In an attempt to address this issue, the GCHQ will suggest at a forthcoming foreign office press conference that in many cases, confidence in IT security systems is misplaced. To better protect their IT infrastructure, the government will recommend that enterprises make security a more visible part of everyday corporate life.
This is something Clearswift has been saying for a very long time. It's not always possible to know all the potential threats that could damage your organisation, but there are simple steps you can take to step up your security measures regardless.
An educated workforce is the backbone of any robust security strategy. We have long recommended that organisations: 1) establish a policy 2) educate employees 3) enforce with robust web and email security solutions that enable, rather than prohibit, free-flowing digital communications.
It’s also worth remembering that although cyber crime is a real and significant threat, accidental data loss caused by human error can be just as damaging.
It’s not enough to simply block inbound threats; protecting your data from the inside is crucial. Businesses need to find a way to manage the two-way flow of digital communication inside and out of the organisation. Reinforcing intelligent web and email gateways with clear policies, education and openness, is a great way to start.