Photo: iStock
Cybercrime is one of the greatest threats facing organisations around the world, with its annual worldwide cost estimated at $445bn, according to the World Economic Forum’s Global Risks Report 2016.
While the rise in cybercrime is a global trend, the UK has particular reason to be concerned. Its incidence here has risen substantially and the UK is now among the most targeted European countries. According to the Office for National Statistics, cyber-enabled fraud and computer misuse accounts for a staggering 47% of all crimes committed in the UK.
As public organisations in particular increasingly rely on digital communications and hold vast amounts of data, they have become targets. An FOI request by security firm Avecto revealed that almost one third (30%) of UK councils fell victim to a ransomware attack in 2015. Given the clear financial implications of attacks, not to mention the potential damage to infrastructure and the public’s trust, there is much at stake.
Launching the £1.9bn National Cyber Security Strategy 2016-2021 in November, cyber security minister Ben Gummer MP said the public sector was at risk from a “range of adversaries, from organised crime, ‘hactivists’ and rogue individuals, both internal and external, through to state-sponsored actors and foreign states”.
However, while the strategy is welcome and will make a difference, investment from Whitehall alone cannot eliminate the cyber threat facing the public sector. Organisations need to ensure their cyber security strategies are up to scratch now.
Review your policy
Cyber strategies should be focused not only on identifying individual risks but also on developing resilience and protection. For a start, all organisations need to regularly review their IT policy, ensuring it covers everything from how to handle data to passwords, appropriate web access and how and when personal devices can be connected to the network. The strategy should be a living part of an organisation’s operations, developing to reflect ever-changing exposure.
Build in resilience
Once this is done, an organisation can use technology to detect attacks and protect IT infrastructure. For example, encryption software can help to thwart a cybercriminal’s ability to access sensitive data. Employee awareness must not be overlooked; even the best IT security is vulnerable if staff do not respect the protocols.
Organisations should collaborate with their public and private sector partners on best practice and for advice on cybersecurity risk mapping. Zurich, for instance, uses an information governance scorecard, which reviews every aspect of a customer’s cyber defences so our experts can quickly identify gaps.
Prepare for the worst
Regardless of how good an IT policy is and however well you communicate and reinforce its messages, it is almost inevitable that there will be a breach eventually. Organisations must be prepared with a clear, rehearsed emergency plan to deal with data leaks, malicious programmes and business interruption, dovetailed into communication and business continuity planning as necessary.
Be cyber savvy
Cyber security is continually evolving and protection mechanisms can quickly become obsolete. It’s therefore important for organisations to stay on top of the cyber landscape and, equally, examine whether their insurance cover is fit for purpose.
The cyber threat will continue to grow in scale and complexity. Public sector bodies must mitigate their risk by putting in robust defence and response plans and collaborating with partners to identify best practice and developments in the cyber landscape.
