Organisations should prepare for the increased threat of targeted cyber-attacks in 2015 by reviewing their security polices in alignment with the government’s Cyber Essentials Scheme (CES). This is the advice from Peter Groucutt, managing director of Databarracks.
2014 saw a surge in cyber security threats such as the CryptoLocker ransomware and Keyloggers, and forced UK organisations to sit up and take note of the very real threat posed by cyber crime. But research from Databarracks, as part of its annual Data Health Check survey, has revealed that, from a sample of over 400 IT decision makers, only 29 per cent have reviewed their security polices in response to cyber threats over the past 12 months.
The findings from the survey support the views of industry professionals, which predicts that targeted cyber-attacks are set to go mainstream in 2015, due to the increasingly sophisticated methods of cyber-criminals, as well as the availability of tools and equipment.
In order to address this, Groucutt advises more organisations should review their security polices and look to the Cyber Essentials Scheme for guidance on how to stay protected:
“This year the threat posed by cyber-criminals has really made its presence felt. Attacks such as CryptoLocker weren’t just consigned to industry chatter – they were very much felt by organisations of all sizes and sectors, and documented heavily in mainstream media. According to this latest research, this is set to continue well into 2015.
“Worryingly, in response to the cyber threats in the last 12 months, over half of the respondents to our survey (58 per cent) either hadn’t made changes to their security policies, or they hadn’t reviewed them at all. The growing risk of a cyber-attack means we all need to be prepared. Organisations of all sizes need practical advice on how to stay protected.
“CES was created by the government to do exactly that. The scheme aims to provide clear guidance and practical advice for firms looking to improve their cyber security practices, whether they’re taking their first steps into cyber security or looking to improve existing processes. It solves an issue for SMEs in particular, who may not have any dedicated in-house IT staff responsible for cyber-security.
“The scheme was mandated earlier in the year for any supplier bidding for public sector contracts, and as awareness grows we expect it to be embraced by firms across all sectors. We were one of the first providers to become certified to CES Plus, so we know how helpful the process is and the improvements it can make.
“As we look forward to 2015, the threats posed remain very real. But it’s not a time to panic. Firms should prepare now by reviewing existing policies and ensuring new procedures are implemented that address the reality of the changing landscape. This will ensure they are prepared for any eventuality.”