There is a saying that an Englishman’s home is his castle. In essence, this is still relevant, regardless of gender or geography.
What has changed is the parameters of the castle; it’s no longer simply a matter of defending the physical boundary of a home or business, but securing against a threat that is potentially already inside the walls, via technology.
The mere threat of cyber-attack is enough to inhibit business growth; the reality has very tangible results. The motives behind cyber breaches vary hugely and include crime, incompetence, compliance/governance failure, political agitation and terrorism of various kinds. Regardless of the reasons, a breach of security systems will have a negative impact.
The Ponemon Institute’s recently released report, The 2015 Cost of Data Breach Study: Global Analysis, puts the average cost of a data breach at $3.79 million, with the cost per stolen record being $154. In addition to the financial impact, there is also reputational damage to the targeted organization.
High-profile corporations are obvious targets, but any business or service provider is at risk: transport infrastructure, power and utilities providers, hospitals, educational institutes, libraries, retailers. Anywhere a system breach has chaotic potential, or which holds valuable personal records or virtual cash, is a potential target.
Despite the known threat and its implications, it is still acknowledged that there is a lack of global resilience to it, yet the fortifications are incredibly accessible. While systems, firewalls and secure servers are important components, their benefits are only as good as the governance strategy and employee awareness behind them.
The UK Government updated its Cyber Risk Guidelines earlier this year. They list questions for CEOs and boards regarding their organization’s approach to cyber security, highlighting that it begins at board level.
The PwC survey depicts a sobering view of US companies: businesses don’t train employees in good cyber security hygiene. The following statistics support this view:
- 20% train on-site first responders to handle potential evidence
- 76% less is spent on security events when the employees are trained
- 54% don’t provide security training to new employees
APMG offers a variety of tools and training to defend your castle. APMG’s cyber security portfolio incorporates a range of certification schemes and tools developed by the UK Government and key industry figures. APMG’s innovative cyber security solutions include CESG’s CCP and CCT certification schemes – designed to upskill critical staff responsible for keeping an organization’s sensitive assets secure, and the Dstl’s cyber security capability assessment tool, CDCAT.
Visit APMG’s newly launched Cybersecurity website, where you can get information on frameworks to support cybersecurity and the qualifications that can be taken in them, certifications for personnel, where to get training and the different exam options available.
We’d love to hear how you’re defending your castle, so let us know!
Author: Rosie Mills - Originally published 29 July 2015