Is your business reactive or proactive to a cyber-attack?
Security software companies believe it takes an average of 3 cyber-attacks before a business shifts from a reactive to a proactive security stance.
The National Cyber Skills Centre (NCSC) recently published an article that questions UK businesses and their attitude to cyber-security. During a conversation with a security software company, the NCSC were told it takes most UK businesses (businesses of any size) 3 cyber-attacks before they start acting proactively. They call it the ‘Unlucky number 3’.
It’s rather worrying to believe that businesses still have this attitude towards cyber-security. You would like to think that businesses, being the professionals that they are, would learn from their mistakes the first time round. Surely the trouble caused by the first cyber-attack would be enough to make them want to be protected from attacks as soon as possible?
It’s become apparent, however, that businesses prefer to run the risk and pay fines if they are ever hit by a cyber-attack rather than pay to be proactive and make security improvements to their network to prevent attacks from ever happening. Then you question why people should suffer, losing their data and privacy and becoming more vulnerable to an attack, because of the ignorance of a business they trusted.
You could argue that the arrival of the new General Data Protection Regulation could be a good thing. I’m sure that GDPR will encourage a lot of businesses to take their fingers out of their ears and start building a secure network. Businesses that break GDPR could be liable to pay up to $20 million or 4% of their annual turnover, whichever is larger. This is a fine that could potentially threaten a business if they were found to have neglected the GDPR guidelines.
If you’re a business owner, ask yourself whether your business is proactive about cyber-attacks. Is the software in your network consistently updated? Have you got trusted anti-virus software installed on all devices? Have you purchased spam filters to lower the risk of a phishing email entering a user’s inbox? Are your employees trained to understand computer safety precautions?