Cyber Security & Business Impact: New Strategies Enough to Mitigate Threats?

Cyber security threats are increasing as quickly as businesses can implement measures against them.

At the same time, businesses continue to embrace technological developments such as cloud services and user mobility, whilst introducing increasingly diverse platforms and devices into the workplace - many now employeeowned.

Businesses have to find ways to appropriately protect the exploding volumes of data, much of which is sensitive, against this backdrop of technology changes.

For both public and private sector organisations, whether large or small, the job of safeguarding data and IT assets from cyber criminals is a complex challenge.

Government Beginning to Drive Security Strategy

To drive awareness around the importance of protecting data, the UK Government developed a Cyber Security Strategy which is "committed to helping reduce overall vulnerability to attack and ensure that the UK is the safest place to do business".

One strand of the strategy was an executive briefing, which targeted the most senior levels in the UK's largest companies and provided them with practical advice on how to safeguard their most valuable assets, such as personally identifiable information, online services, and intellectual property.

Whilst at a high level this certainly is noble, the responsibility for the successful implementation of any strategy still falls to the individual company, and no matter what guidance the UK Government may provide, there is not necessarily a requirement to follow or adhere to that guidance.

However, the European Union has proposed an EU Data Protection Regulation in an attempt to mandate companies that process, store or transmit personal data to appropriately protect it, which is said to "save companies costs of up to €2.3bn per year and increase EU DGP by 4% by 2020".

The Elephant In The Room

This may be the case for larger multinationals which will benefit from a harmonised regulatory landscape instead of having to comply with different regulations by country.

However, the elephant in the room is the impact it will have on the 23 million SMEs within the EU, of which only 8% export .According to the European Commission, "the most important individual constraint reported by SMEs is the compliance with administrative regulations".

As identified in the Cyber Security Strategy in 2011, there exists a present cyber security threat to UK businesses which is continuously growing as we become more dependent and interconnected through technology in order to conduct business.

It is time for those at the upper management levels to fully appreciate that information security is of fundamental and integral importance to a successful IT strategy as attacks on technology have the potential to severely impact and undermine business operations.

Specialist Cyber Security Education

Royal Holloway, University of London, and Oxford University are investing £7.5m to develop specialist courses in resisting cyber-attacks, to train the information security professionals of the future.

However, one could argue that whilst theory, concepts and research are clearly an important factor, appropriate practical professional experience is required to ensure that the information security professionals of the future appreciate the nuances and context of information security within larger organisations that have many moving parts.

As such it would be prudent to ensure that for this type of very focused and specialised academic course there is a sufficient level of practical, hands-on and industry experience built in - primarily to ensure students maximise their employability and value to their first employer.

Organisations that place a high degree of importance on information security as a business enabler and remain committed to those initiatives, integrating them into all aspects of the business, will be most resilient to attack.

Through an ongoing approach to reducing risk to an acceptable level through a combination of the right people, process and technology, organisations will not only protect sensitive data and their employees, but they'll also safeguard their reputation.

John Yeo is Director of SpiderLabs at Trustwave for Europe, the Middle East and Africa. Trustwave, provider of data security and compliance solutions worldwide investigates the top vulnerabilities, threats and compromises that negatively impact large and small businesses, law enforcement agencies and government entities.