I would like to thank all those who attended our Human Face of Information Risk seminar in Bristol last Thursday.I hope you enjoyed the event as much as the Ascentor team did.
What a fantastic evening. Speaking alongside mewas Gordon Morrison, Director of Defence and Security at Intellect and Simon Moore, South West Regional Director at the CBI . I’d like to thank them both for their enlightening presentations.
So, the highlights. If you missed the event and want a quick summary, here is a run down of the main messages that came out of the talks.
- Cyber security, information security, information assurance – whatever term you’d like to use this is fast becoming a real priority for companies here in the UK.
- We are all increasingly dependent on IT at home and at work and new technologies pose new threats. The Cloud, Facebook, Twitter, QR codes and smart phones all introduce new vulnerabilities.
- There’s now a growing gap between the security we have and the security we need, says Intellect.
- Over 96% of companies have suffered some form of information security issue in the last twelve months, says the CBI. More people are victims of online crime than of offline crime, says Intellect.
- The Government is getting really concerned about cyber security and they should. A study by Detica showed that cyber attack costs the UK economy £27 billion per year. The Government wants the UK to be a centre of excellence in cyber security, to attract more business. It’s a national imperative.
- Technology is essential to solve the problem but it’s not the whole story. Companies need to take a holistic view.
- It’s easy to blame attacks from the East for the problem butthe threats often come from much closer to home – from suppliers and even your own employees, as Ascentor’s recent research shows.
- Malicious attack is one risk – and this is on the rise. Cyber crime is big business and the attackers are getting more sophisticated.
- Deliberate acts of sabotage are a very real risk too. Disgruntled employees pose a real threat.Well over half (57%) of the people we polled in our research said that there were circumstances in which they would deliberately sabotage or compromise their employer.
- Accidental loss is another challenge. Losing important files, talking about sensitive information on the train.
- You can protect your company – and it doesn’t have to cost you a fortune. 80% of the threats can be mitigated by implementing basic security controls .
- Where do you start? Recognise the threat; identify your valuable information; identify the risks; manage and mitigate them. And keep going – Information Risk Management should be an ongoing process.
- GCHQ recommends that the solution is an Information Risk Management approach, not security standards. Unlike standards, IRM takes business context into consideration, so business benefit and business risk can be balanced,says Dave James.
- How do we inspire people to invest in information security? Make it real for them. Show them what to do as home users, reveal the threats they are under and perhaps they will understand the threat to their companies and want to do something about it.
- Simple initiatives can make a massive difference. HR has an important role to play, as of course does IT, but it is the Board that needs to take ultimateresponsibility.The challenge is to get the ‘manage your information risk’ message out to every Board of Directors and inspire them to take action.
In summary, when it comes to information security, your people must berecognisedas a source of risk but they are also part of the solution. We all stressed the need to educate and train staff, to alert them to the threat and put the right policies and procedures in place to mitigate the risk they pose.
Add the human element to the increasing threat of malicious attack and the outlook is pretty scary. Yes, there is a clear and present danger but we can all do something about it. Be aware of the information security risks facing your firm and make sure your company is secure.Effective Information Risk Management will not just mitigate the risk, it can bring you business benefit.
Article by Dave James , MD of Ascentor
- Download our ebook – The Board’s Guide to Information Risk
- Findings of Ascentor’s research into the Human Face of Information Risk