The National Cyber Security Centre officially opened this week with a visit from Her Majesty the Queen. The Centre builds on the codebreaking legacy of Bletchley Park and will help Britain respond to the growing cyber threat.
Organisations, businesses and individuals are living through a time of momentous change in the cyber landscape. The spectre of state-backed super hacks and the exploding numbers of successful yet unsophisticated attacks have placed cyber security firmly on the political agenda.
>See also: The official opening of the National Cyber Security Centre
In the UK, the government is taking clear action, demonstrating its intention to lead in this area. Importantly, they have appointed named figures at the highest levels of government with accountability for cyber security.
The Chancellor now chairs a Cyber Committee, bringing together Ministers from across Government to tackle the issue. In addition, the recent Government Transformation Strategy created a chief data officer, responsible for the state’s use of data.
Addressing the private sector’s accountability gap
In the private sector, the story is different. While some companies have emerged as leaders in addressing the cyber security accountability gap, there is much work to be done.
Research has shown that two out of five NEDs, c-level and CIO/CISOs say that they don’t feel responsible for the repercussions of a cyber attack, only 29% have a formal cyber security policy and more than one in five don’t think it’s an issue for their business.
Organisations would do well to follow the government’s approach to the accountability problem and appoint a named individual at board level who is responsible for cyber security.
>See also: Under attack: the UK exposed to constant hostile cyber threats
It’s not only reputational damage and the prospect of an embarrassing press conference which businesses must worry about. Criminals now have the ability to take control of valuable assets through ransomware.
Legacy hacks can literally wipe hundreds of millions of pounds off a company’s value – as seen with Yahoo. In an age in which transactions are increasingly done online, an insecure company risks losing its route to market if customers believe their financial information will end up on a forum in the dark web.
Businesses worldwide can learn important lessons from the UK government’s cyber security efforts. Creating a clear position of accountability would rightly elevate cyber security to the same level as a company’s financial position or product offering.
With the right leader in place, businesses can start dealing with the problem by taking these three steps:
- Ensuring staff have basic security hygiene skills;
- Ditching legacy software that can’t fulfil fundamental needs; and
- Putting in place a strategy tailored to the organisation’s specific vulnerabilities and risk appetite.
>See also: The UK’s new National Cyber Security Centre
The opening of the National Cyber Security Centre and the creation of a chief data officer demonstrates that the government is willing to tackle the issue head-on and set an example for businesses to follow.
There is much to do, but as the NSCS demonstrates, businesses are not alone.
Sourced by Scott Rubin, head of policy, Tanium