Combatting rising cyberattacks: more should be done
Craig Lurey argues a proficient IT team and technology will help prevent cyberattacks
While many have suffered from cyberattacks, businesses within the UK professional services industry are among the worst affected, each hit by an average of 62 cyberattacks over the last 12 months – far above the UK-wide average of 44 per organisation.
With businesses expecting the number of attacks to increase in the coming years, it’s up to leaders to act now, so they can protect their organisations from being compromised in the future.
Upskill your team
A proficient IT team is always in a better position to deal with cyberthreats, as skilled employees are capable of making the most of the technology they have at their disposal and adapting to the ever-changing attacks that are launched by cybergangs. However, according to research, IT teams within the UK professional services sector currently lack the necessary skills to defend their businesses. Two-thirds of industry IT decision makers agree that a shortage of skilled workers is having a negative impact on cybersecurity within their organisation.
The skills shortage unfortunately does not stop at IT professionals; employees throughout the entire UK professional services workforce are unaware their own day-to-day habits pose a huge threat to their company, and over three-quarters of IT leaders within the professional services industry believe more needs to be done to educate employees on cybersecurity best practices.
Business leaders must therefore invest in their team’s education to best ensure the organisation is kept safe from cybercriminals. For IT-specific workers, this means implementing a tailored skill development plan which corresponds to the size of the business, the technology it uses and the risk level the company is facing.
For all other employees across the organisation, it is crucial they are offered comprehensive cybersecurity training that covers best practice within the workplace, such as keeping hardware and software up to date, understanding phishing attempts and company protocol in case of a breach.
Cybersecurity training should also include an overview of password hygiene; globally, password security issues account for over 80 per cent of all data breaches, so encouraging employees to practise good password hygiene can be incredibly effective in strengthening a business’s cybersecurity defences.
However, good password hygiene doesn’t have to be tedious. These days, it can be facilitated by the introduction of password management software, which simplifies the process by generating unique login credentials and encrypting them – along with any other sensitive data – within a secure digital vault. Employees no longer need to remember hundreds of passwords, and IT can have visibility and control over the use of passwords and other secrets.
Password managers empower each individual to take cybersecurity into their own hands; this is the direction in which the industry is moving. We can no longer view cybersecurity as an issue that can be solved by one person or even a dedicated team; it is instead the responsibility of each and every individual.
Presently, IT leaders within the UK professional services industry are considered the sole guardians of their organisation, put under pressure to resolve each and every cybersecurity issue. Almost half of all IT decision makers within the industry have kept a cybersecurity attack affecting their organisation to themselves, hesitant to reveal the truth and ask for help, for fear of being let go.
Aware of the dangers this lack of transparency can present, IT leaders are therefore calling for support from a board member dedicated specifically to the cyber-welfare of the business. This would offer IT leaders a certain level of security and allow businesses to oversee how the entire organisation behaves when it comes to cybersecurity.
The introduction of an ‘Ofcom’ of cybersecurity, for which a large majority of IT leaders have also indicated their support, would also help to enforce this. The body would provide external oversight and hold businesses accountable for their security policies, so that IT professionals no longer become the scapegoat for a business’s lack of proactivity.
By ensuring formal cybersecurity training sits at the top of the priority list, each employee can become more responsible for the security of the company and ultimately assist IT leaders in protecting their organisation.
Craig Lurey is CTO and co-founder of Keeper Security (keepersecurity.com)