UK businesses are overlooking a great cybersecurity resource: Government assistance
The Government is making a concerted effort to encourage more businesses to seek guidance on mitigating cyber threats - but are they listening?
There is no question that cybersecurity has become a boardroom topic. The 2017 Cyber Security Breaches Survey reports that cybersecurity is now viewed as a high priority by senior management in three-quarters of UK businesses. Yet over the past year, despite this heightened awareness, just three in five companies sought information, advice or guidance on the cyber threats that their organisation faces.
There's no question that knowing where to look poses an initial challenge. Of those businesses that sought counsel, a third turned to external IT or security consultants, with 10 per cent relying on online searches.
Just four per cent reported using Government or other public sector resources on cybersecurity in the past year
But British businesses continue to overlook one of the greatest resources at their disposal - just four per cent reported using Government or other public sector resources on cybersecurity in the past year. With three-quarters of businesses that use them indicating that they found the resources useful, it's clear that a lack of awareness - rather than the materials themselves - is responsible for the low uptake.
Despite the disappointingly low engagement with these resources to date, a concerted effort is being taken to encourage more businesses to seek guidance on mitigating cyber threats from the Government. The National Cyber Security Centre (NCSC), which launched formally earlier this year, is the flagship of the Government's new open door policy on cybersecurity.
The new approach actively promotes the resources and expertise on offer to businesses, as well as the active defences that aims to improve the nation's overall cyber hygiene. But, following this significant investment, it's clear that more work needs to be done to encourage companies to tap into the resources.
Get involved
No matter what the size or cyber maturity of an organisation, the Government has a number of resources to benefit from.
For companies starting on the path towards better cyber hygiene, the Cyber Essentials scheme helps organisations build a firm foundation. With just a basic level of cybersecurity proven to stop up to 80 per cent of cyberattacks, organisations can massively reduce their risk by taking this first vital step.
Cyber Essentials helps organisations ensure that they are getting the basics right, and using their security solutions and budget most effectively.
Businesses of all sizes should also sign up to the advisories and alerts that the NCSC circulates on current threats and high risk vulnerabilities. The WannaCry ransomware, which spread by exploiting vulnerabilities in the Windows operating system, was a clear example of how these advisories provide a valuable resource to businesses in a high-risk cyber environment. While the press raised awareness of the scale and severity of the attack, the NCSC alerts outlined where organisations could find practical information on preventing ransomware attacks and what steps should be taken if infected - an essential resource at the height of the scare.
The Cyber Security Information Sharing Partnership (CiSP), a joint Government and industry initiative that enables members to exchange cyber threat intelligence confidentially and securely in real time, is a platform that all IT and security professionals should be tapping into.
The professionals subscribed to the platform can stay up to date on the threats that other organisations are currently facing. Similar to the NCSC, this helps organisations understand the popular attack vectors being deployed by cybercriminals and enables them to put the right defences in place to identify and prevent that attack.
It's better together
When it comes to cybersecurity, we're better when we work together. By combining the information, resources and guidance that different organisations - public and private - can offer, businesses have the best chance of staying informed about and defending against evolving attack vectors.
If organisations are to keep their data safe and the lights on in this increasingly dangerous cyber environment, it's crucial that businesses tap into the resources available to them to find out how best to identify and prevent different types of attack. Ultimately, the two fifths of businesses that are not staying informed could be leaving themselves susceptible to attack.
With the wealth of information and expertise at their disposal, organisations of all sizes should be tapping into the Government's resources to help them better to protect themselves against the evolving cyber threat landscape. Greater awareness around these resources and advocacy for their benefits will prove crucial if the Government is to see more companies seeking out its informed, impartial advice.
Don Morrison is director of government relations at McAfee