Are You Ready for the Cyber-attack Lurking Just Around the Corner?

Failure to prepare is preparing to fail.

That adage rings true in so many facets of our lives – the words of my primary school teacher still ring through my head at the sight of them, but she was right enough. It’s a good way to stay ahead of the game in terms of cyber resilience.

Cyber incidents are continually evolving, with new varieties of attack taking the fore on a seemingly weekly basis. In the last year, we’ve seen major Distributed Denial of Service (DDoS) attacks from botnets made up of insecure Internet of Things devices rendering popular connected services including Twitter, Github, Spotify among others unavailable. There have been repeated outbreaks of ransomware on a colossal scale, with WannaCry and NotPetya wreaking havoc one after the other and costing various organisations across the globe huge sums through downtime and lost data, not to mention the potential healthcare implications after the NHS were among the organisations brought to a standstill.

With such a variety of attacks striking in succession, each bringing their own symptoms and issues, how can organisations best be prepared for the next big attack – which could be just around the corner?

The recently released FTSE 350 Cyber Governance Health Check Report 2017 shows that attitudes towards the problem of security are improving, but there is still work to be done. The report, commissioned by the UK Government, is now in its 4th year and takes a close look at how the UK’s top 350 companies are managing their cyber risk.

The 2017 report shows that 58% of Boards have a clear understanding of the potential impacts resulting from a loss of, or disruption to, key information or assets, and 54% of Boards view cyber risk as a top / group risk, when compared with all the risks faced by their company; both figures which rose from 49% in the 2015-16 survey, and a distinct improvement.

Alarmingly however 68% of Boards surveyed said they have still not received any training to deal with a cyber incident. Given the substantial threat to organisations cyber incidents represent and the increasing frequency with which attacks are disrupting businesses, something must be done.

68% of Boards surveyed said they have still not received any training to deal with a cyber incident.