Cyber threats have continued to dominate headlines and plague private and public businesses this year.
The results of a recent study from Juniper Research suggest that an inherent attitude problem is to blame. 80% of C-level executives, board room members and directors, and 86% of total respondents, believe they are doing enough to mitigate cyber attacks.
This confident assertion comes despite 50% of the businesses surveyed being hacked. Of course, a business must find a balance between defending against cyber attacks and driving business profitability.
Indeed, as Windsor Holden, head of forecasting & consultancy at Juniper Research, points out: “While no business can be completely safe nowadays, there are steps that companies can take to ensure they are as safe as possible, and can recover as quickly as possible in the event of a cyber attack.”
However, the fact that the research points to 75% of businesses thinking they are secure despite half being hacked suggests more can be done in the form of an attitude and policy change.
In keeping with digital transformation, businesses are increasingly moving critical infrastructure online. With this comes increased vulnerability to cyber threats, yet the report has identified a trend of complacency within the businesses surveyed.
The rapid move online is not being matched by cyber security advancements, with few common preventative measures in place.
The report found that only 48% have secure practice guidelines, while 25% have a dedicated security executive.
Only 27% conduct penetration tests to assess the likelihood of an attack and 31% monitor emails for phishing attempts.
These figures should be stronger, and they highlight the need for an attitude shift towards a more conscientious level of security practice at executive and management level.
Another factor that hinders a business’ ability to protect itself effectively from cyber threats is, as the report reveals, that 33% consider the IT department solely responsible for handling security threats, while almost two thirds of respondents stated that cyber security is not their department’s responsibility.
In the era of BYOD and spam emails, every employee in every department should be responsible for handling security. The IT department, for example, cannot help if a hacker enters the system via an employee’s mobile or tablet while connected to a business’ private Wi-Fi.
So, again, an attitude and policy shift is required to improve education about security threats and to further enhance security protocols. It is difficult to find the balance, but security must be as high a priority as profitability.
Indeed, as Kristine Olson-Chapman, General Manager at TalkTalk Business, relates: “For us cyber security is no longer just a technology issue, it’s a business issue for the whole company.”
“Any business that has ever had a cyber attack will tell you that they never expected it, even with all the processes in place. Businesses need to ask themselves what they need to do now to plan and prepare.”