Last month, the Government’s Cyber Security Breaches Survey 2017 indicated that three-quarters of UK businesses state that cybersecurity is a high priority for their senior management. Despite increasing awareness around this threat, it revealed that just three in five businesses have reportedly sought information, advice or guidance on the cybersecurity threats that are facing their organizations over the past year.
Knowing where to look is often one of the greatest challenges. The top sources of information that these businesses tapped into were external security or IT consultants (32%) and online searches (ten percent). However, one of the greatest sources is being massively overlooked by the large majority of British businesses – the government.
The Cyber Security Breaches Survey found that just four percent of British companies reported using Government or other public sector sources, despite three-quarters of those who did stating they found the materials useful. This, the report concludes, demonstrates that awareness around the guidance and resources that the Government offers remains low.
Open door policy for cybersecurity
There is no question that the uptake of Government resources is disappointingly low. The government are already making a number of steps to promote a more open approach to cybersecurity and encourage more businesses to engage with the resources and expertise that it offers.
The National Cyber Security Centre is a big proponent of this shift in the Government’s approach to improve the nation’s cyber-hygiene. Its more open policy is perfectly illustrated by the glass-fronted, Central London office.
While the government has heavily invested in the new center, more promotion is clearly needed to ensure that British businesses know how and when they can tap in to the Government’s great resources.
Engaging with Government
No matter what the size of an organization, there are a number of resources that they can engage with. The Cyber Essentials scheme, for instance, offers advice to organizations that are taking their first steps towards basic cyber-hygiene measures. It provides information on the essential cybersecurity practices that businesses can implement that will significantly reduce their risk.
Achieving this basic level of cybersecurity is claimed to prevent up to 80% of cyber-attacks, to which organizations would otherwise be vulnerable. So, the Cyber Essentials scheme represents a brilliant resource for organizations who want to ensure that they’re getting the basics right and are deploying the most effective defenses for their security budget.
Organizations of all sizes should also tap into the advisories and alerts that the National Cyber Security Centre disseminate, which address cybersecurity issues being detected in the UK. A clear example of where these alerts are valuable is following the recent WannaCry ransomware, after which the NCSC issued a short announcement that linked to advice on how to prevent a ransomware incident, and what to do if your organization is infected.
Finally, IT and security professionals from all sizes of organizations should consider joining the Cyber Security Information Sharing Partnership (CiSP), a joint industry and government initiative that enables members to exchange cyber-threat information in real time, in a secure, dynamic and confidential environment.
This raises awareness around new and ongoing attack vectors, ultimately helping IT and security teams to introduce the necessary defenses to prevent falling victim to such an attack.
Better together
At McAfee, we believe that no one security vendor or group can completely mitigate the threat of cybercrime. We are better working together, and only by combining the resources and guidance of private and public sector organizations will businesses able to defend against this evolving threat vector.
Organizations should be actively seeking guidance and up-to-date information on how to best defend themselves in the increasingly volatile online environment. Government resources, a great number of which are easily accessible or for which information is readily available, are a fantastic way for organizations of all sizes to stay up-to-date on how they can effectively defend their networks and data.