4 November 2014
It’s an age old saying, but knowledge really is power, especially when it comes to cybersecurity.
It’s a subject that appears in the news every single week, yet we’re still struggling as a nation with online crime. Even big name businesses are finding themselves falling foul of hackers whilst smaller organisations think they aren’t significant enough to be of interest to cybercriminals.
The reality? We’re all of interest. Our cybersecurity division has even encountered charities that have been hacked before, and whilst it’s great that we can lend a hand in these situations, it’s hugely disappointing that there’s been a need for this in the first place.
Catching up on a bit of news, I came across an interesting article on the issue featuring comments from the head of Europol’s cybercrime department, Troels Oerting. He pointed out the dilemma businesses face when it comes to reporting security breaches; however, whilst it might not look good for their reputation, being transparent and holding oneself accountable is ultimately the best thing to do, not only for the business in question, but for all of us.
Think about it: the more information we can get on the types of attack being encountered, the more knowledge we amass. One of the comments Troels Oerting made in his article was that, when it comes to businesses being honest about breaches, “the focus should not be on sensationalising data breaches and hanging people out to dry”.
Whilst I agree, as we all make mistakes and there’s little merit in shaming people for failures, I do think there are lessons to be learnt when businesses haven’t taken the appropriate measures to protect customer data. I appreciate it can be difficult when you’re still an SME and money is tight, but my advice would be to at least cover the basics, using things like firewalls. Operating without these precautions is a risk that’s simply not worth taking.
Ultimately though, if the business community can keep its members alert, no matter what industry they’re from, we’d be stronger for it. So when breaches do happen – and they invariably will – we should focus not on the mistakes, but on what we can learn from them.