Cyber Security

Be Inspired | Cyber Security | 3 Reasons Businesses Are Still Getting Their Cyber Security Wrong

3 Reasons Businesses Are Still Getting Their Cyber Security Wrong

Cyber security is one of the biggest challenges faced in the business world today. How do you protect your online services, including the sensitive data of your customers, effectively while still being able to function productively?

The list of recent high profile cyber security breaches highlights how difficult a challenge this really is. The 2018 attack affecting 500 million customers of Marriott Hotels and the more recent 2019 breach of Facebook user records that exposed 540 million accounts are just two examples.

Data breaches and cyber security attacks are not solely a problem for large corporations and big business. Small and medium-size commercial enterprises are just as vulnerable. The truth is, businesses are still failing to implement the strong security measures that are needed in the 21st century.

Here, we identify three major issues that business cyber security faces today. These are areas where many are failing to implement the right policies and procedures or having difficulty keeping up with the latest technological advances through lack of time and lack of budget.

1. Prioritising Cyber Security Risk Management Across the Business

Many companies we speak to say they have difficulty managing cyber security risks across their whole enterprise. There’s no doubt that the security landscape has become increasingly complicated over the past decade, so this isn’t a surprise.

Where having a solid virus and firewall protection in place was the basic requirement in years gone by, businesses now face a whole host of different threats. This highlights the importance of not only having a full cyber security policy in place that is adaptable to future threats and changes but ensuring it is communicated properly across the business.

One important issue is the huge increase in companies that operate a “bring-your-own-device” (BYOD) policy where existing hardware is boosted by employees using their own smartphones, tablets and laptops. While these add a certain level of convenience, they also increase security concerns and challenges.

Simple processes such as updating and patching software when necessary can become a hit and miss affair with many businesses when there is not a concerted attempt to prioritise cyber security risk management.

Certain parts of the business may be protected adequately but others can still be vulnerable. In addition to this, many businesses, particularly small to medium-size enterprises, may be entirely unaware that they are vulnerable through lack of knowledge.

2. The Need for Prioritising at Management Level

We also find that executive-level managers and leaders are often most focused on creating growth and moving their business forward. An issue like cyber security does not bring in money and it can be an expensive undertaking simply to keep up with the basic requirements.

Without the input and engagement of C-suite business executives, it can’t be expected that the rest of the workforce take their responsibility seriously. When you consider that 2018 was the biggest so far for data breaches, this represents a real dereliction of duty for leadership teams and priorities are not being aligned to address the real threat of cybercrime.

3. Shortfalls in Business Cyber Security Budgets

The final, significant issue that stops businesses developing the correct IT security posture is budget. In some cases, this can be because there simply isn’t the money to develop adequate systems and processes. In others, it comes down to managers and executives prioritising budgets for other ‘more important’ projects, usually focussed on growth and business development.

This latter point is also undoubtedly influenced by a lack of understanding of the role that cyber security plays in the business environment. With this being an increasingly complicated landscape, it is difficult to keep up with the current developments without having the appropriate IT staff on board at executive level who can provide clear and meaningful advice.

For small and medium-sized businesses, employing someone directly to provide IT services is often prohibitive and can drain a significant part of the cyber security budget before any measures are even put in place.

Improving Your Business Cyber Security

The challenges facing companies of all sizes cannot be underestimated. The first step in making sure that your organisation is on top of its cyber security measures is to stop treating this issue as a purely technical problem. Businesses also trust their IT professional to ‘do the right thing’ far too often and don’t delve too deeply into the different aspects of cyber security and what it means to their operation.

In most cases:

  • Businesses want to hand over responsibility to someone else or an external third party without putting in the hard yards to understand the issues and find solutions in a more collaborative way.
  • A business can also fall into a false sense of security – nothing has happened so far, the cyber security must be working well.
  • A business may have certain areas covered but not be aware, through lack of knowledge or even lack of interest, that there are vulnerabilities elsewhere that are just as threatening.

Cyber security takes place in a broad ecosystem where each individual component has the potential to impact on its neighbour. It’s important to work with a partner that understands the current challenges in cyber security and is focused on getting to know your business and working with executives to deliver an adaptable solution that protects the entire ecosystem rather than a few small parts.

A business cyber security breach could expose your client data, stop your systems working and cause untold damage not just to your ability to function but your reputation in the wider commercial world.

At Cyan Solutions, we provide a full cyber security management and support service that protects your business, adapting to current and future threats and ensuring you receive a tailored solution that meets your needs. Contact us today to find out more.

Categories: Cyber Security, IT Security, News