As cyber hackers become more complex and sophisticated in their methods, BSI, the business standards company, is urging UK organisations to strengthen their security systems to protect themselves and consumers.
A BSI survey of IT decision makers found that cyber security is a growing concern with over half (56 per cent) of UK businesses being more concerned than 12 months ago. Some seven in 10 (70 per cent) surveyed attribute this to hackers becoming more skilled and better at targeting businesses. However, whilst the vast majority (98 per cent) of organisations have taken measures to minimize risks to their information security, only 12 per cent are extremely confident about the security measures their organisation has in place to defend against these attacks.
IT directors appear to have accepted the risks to their information security, BSI suggests, with nine in 10 (91 per cent) admitting their organisation has been a victim of a cyber-attack. Around half have experienced an attempted hack, and/or suffered from malware (49 per cent in both instances). Around four in ten (42 per cent) have experienced the installation of unauthorized software by trusted insiders, and three in ten (30 per cent) have suffered a loss of confidential information.
Managing risks key to protecting data assets
Despite the confidence in the security measures they have in place, three in five (60 per cent) organizations have not provided staff with information security training; over a third (37 per cent) have not installed anti-virus software; and just under half (49 per cent) monitor their users’ access to applications, computers and software.
Conversely organizations that have implemented ISO 27001, the international information security management standard, are more conscious about potential cyber-attacks than those who haven’t (56 per cent versus 12 per cent). As such, 52 per cent of organisations who have implemented ISO 27001 are extremely confident about their level of resilience against the latest methods of cyber hacking.
Mike Edwards, Information Security Specialist and Tutor at BSI, said: “The research revealed that businesses who can identify threats are more aware of them. Our experience confirms this, we know that organizations with ISO 27001 can better identify the threats and vulnerabilities to their information security and put in place appropriate controls to manage and mitigate risks.”
The question of how to protect their data assets is leaving many businesses exposed, BSI argues, which in turn is impacting consumers. As consumers are spending more time and money online, their vulnerability to cyber-attacks is increasing, it’s claimed. A consumer survey found that nearly half of consumers surveyed had suffered from a cyber-attack/crime, yet only 4 per cent have stopped using online services to reduce the risks. Consumers are therefore looking for protection to companies, which in turn need to safeguard themselves and their customer data. However, there is an inherent lack of trust among consumers in how organizations handle their data, with a third of consumers admitting they do not trust organizations with their data. On the other hand, there is a level of acceptance that nothing online will ever be safe, leading to a false sense of security that ‘this will not happen to me’ amongst those who have not suffered from a cyber-attack/crime.
Maureen Sumner Smith, UK Managing Director at BSI added: “Consumers want their information to be confidential and not shared or sold. Those who want to be reassured that their data is safe and secure are looking to organizations who are willing to go the extra mile to protect and look after their data. Best practice security frameworks, such as ISO 27001 and easily recognizable consumer icons such as the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. The research shows that the onus is on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.”
Research interviews with 200 IT decision makers in UK businesses with 250-1000 employees. Conducted in October 2014 by Vanson Bourne.
Consumer research of 1,589 UK adults. Conducted in September 2014 by Opinion Matters.
For more about ISO 27001, visit www.bsigroup.com/infosec.
For more about the BSI Kitemark for Secure Digital Transactions, visit http://www.bsigroup.com/SDT.
To find out how organizations can show effective management of personal information with BS 10012 (Personal Information Management System), visit http://www.bsigroup.com/Personal-information-management/.