If data is your sweet spot, could it also be your weak spot?
As National Cyber Security Awareness Month comes to an end, we are forced to confront the vulnerability of our ever-growing data. In light of this, Simon Merrick discusses ways in which organisations can use a virtual chief information security officer (vCISO) to help protect and manage their customer and administrative data.
Back in the 1980s, life was simpler. We had four TV channels to choose from, we wrote cheques to pay people, and personal documents were stored in a locked metal box. You were more likely to lose valuable information through fire, pickpocketing or simply dropping your wallet in the street.
The very first computer virus, written in 1986, was created to protect software copyright. It worked by slowing down access on a floppy disk drive. The digital world was simpler then.
Fast forward to 2016 and whilst floppy disks have almost entirely gone the way of the dodo, use of electronic data has exploded. In 2015 we consumed eight zettabytes of data. To put that into perspective, one zettabyte is equivalent to about 250 billion DVDs. Let’s just say that that’s a lot of data.
Our increasing willingness to share our own valuable electronic information with others, both personally and professionally, goes some way to explain this massive growth. It is reasonable to assume that this willingness is because we trust those with whom we share our data.
Yet it would seem that the record for organisations protecting our data isn’t as good as we might expect. In 2015 half a billion personal records were stolen by third parties or lost across the globe. And that’s just the reported losses.
Alison Whitney, the deputy director of digital services at the National Cyber Security Centre, recently acknowledged that until now the government’s work on cyber security has focused on central government.
At the Socitm annual conference for local government digital leaders in Milton Keynes earlier this month, Whitney said that guidance was often inaccessible for anyone other than central government. However, she said that this would change and that she aims to integrate all aspects of government cyber security.
“Keeping our own and others’ data safe online in the workplace and on the move is critically important and is everyone’s responsibility”, says Simon Merrick, Managing Consultant at Agilisys Transformation. “Public bodies are targets for cyber-criminals who can employ any number of clever tactics and techniques to get access to data or cause disruption. Public bodies’ presence in the public eye and the guarantee that they hold a wealth of personal information makes them a vulnerable target. If the perpetrators are successful in hacking such organisations they receive maximum press coverage thus making the public sector even more desirable.”
Cyber-security, however, is not just a technical challenge. Many reports suggest that a significant number of data breaches in an organisation are the result of human error, either through carelessness, weak policy or malicious activity.
Agilisys, digital technology specialist for the public sector, has been working with the public sector for over 15 years to transform digital services and has recently partnered with Company85 to deliver cyber security services.
“Threats to the modern company are an ever-evolving risk, and organisations have to work harder than ever to stay ahead of the curve,” says Marc Lueck, CISO of Company85 and former director of Global Threat Management at Pearson.
“Cyber-security needs to be embedded within the culture of an organisation. It needs to be constantly reviewed to maintain and sustain the line of protection, both technically and behaviourally.”
An increasingly popular method of introducing a high level of cyber-security into business is through using a virtual chief information security officer. This is a senior information security leader with CISO experience, capable of working seamlessly with your organisation to define, articulate and drive IS strategy. Working as an integral part of your security team, the vCISO attends scheduled meetings, reviews deliverables and ensures project progress.
Compared with hiring a permanent CISO, a vCISO offers substantial savings to organisations that need senior-level skills but cannot justify a full-time employee. As Merrick observes, “In building a business case to reinforce their cyber-security, organisations should also consider the risk and cost of possible data breach fines, not least the business disruption and likely reputational damage.”
Lueck concludes: “A vCISO gives organisations that might think a full time CISO is unnecessary or unaffordable the opportunity to retain a senior individual to lead strategy, design solutions and work as an integral part of your security team.”