With the growing number of cyber threats, keeping valuable information safe is a priority for every organisation – but never more so than for companies that supply products and services to Government and hold sensitive data. This article looks at why, and what you can do to counter the pressure.
Four specific pressures on Government suppliers
1. Unprecedented threat levels
“MI5 is battling ‘astonishing’ levels of cyber-attacks on UK industry. This is a threat to the integrity, confidentiality and availability of government information but also to business and to academic institutions. What is at stake is not just our government secrets but also the safety and security of our infrastructure, the intellectual property that underpins our future prosperity and … commercially sensitive information.” – Jonathan Evans, head of MI5, in BBC article, June 2012
Over the past few years there have been a number of high-profile cyber attacks against Governments and companies, but in recent months we have seen an unprecedented level of sophisticated attacks. No business can afford to be complacent. This threat is being felt most keenly by those in the Government supply chain.
2. Government pressure
“British companies have been told by ministers to raise their game in the fight against cyber crime after a government study showed industrial espionage and intellectual property theft on their own were costing the economy £17bn a year.” – FT.com, Feb 2011
If you supply to HM Government, you’ll be aware of the Cyber Security Strategy and the clarion call from central Government for the UK to raise its cyber game. Government has really woken up to the problem. They are asking all businesses to do more – but they also want to get their own house in order first. Expect increasing pressure on the supply chain over the next few years. Government is going to get stricter with information held by third parties. (See our previous post – What Every Government Supplier Needs to Know About the UK Cyber Security Strategy.)
3. Changes in technology
BYOD (Bring Your Own Device), social media, the Cloud – there have been a whole host of technological changes in recent years. New technology can improve business processes and reduce costs. In some cases – social media and BYOD in particular – it has become the norm and is expected by large sections of your workforce.
Government suppliers must work out how to embrace these advances without impacting on security. Who is advising the business on whether the risks new technology brings are acceptable?
4. Commercial concerns
In the current economic environment, every company needs to find ways to do more with less. Business efficiency and cost savings are high on every board’s agenda.
Information security controls and risk mitigation cost money. The challenge is to get the right level of controls for your business, without spending too much.
“All information security budget spend should be driven by quantified risk mitigation. Not by vendors, not by the press and not by technical staff,” says Mark Heathcote of IT firm Xceed. “Follow these principles and you will not only reduce the impact of real world threats on the business, but may also reduce how much you spend on it.” (Read full article)
What can you do to counter the pressure?
Smart Information Risk Management is the key. Information risk management (IRM) is the process of identifying, understanding and managing the risks to your information within the context of an organisation’s business needs. Effective IRM will strengthen your business and open up new government opportunities.
There is some confusion about how to apply IRM in the supply chain. As a government supplier you have to look two ways: not only do you hold your own valuable information; you hold sensitive government information too – you need to protect both and run an efficient and profitable business.
Email us to receive The Supplier’s Guide to IRM
To help you understand how to implement a smart approach and gain business benefit, we’re preparing a guide to Information Risk Management specifically for government suppliers.
Drop us an email if you’d like to receive a copy when it’s ready. Email: [email protected].
Article by Dave James, MD of Ascentor.