Francis Maude, the Cabinet Office Minister, will apparently today warn UK businesses of losses due to cyber crime that run ‘into the millions’.
Warnings about the impact of cybercrime proliferate. The UK’s efforts to create a “fusion cell” (private sector cyber security experts working with analysts from MI5 and GCHQ, operating from an undisclosed address in London, and not at all similar to the reputed Chinese PLA operation from an undisclosed address in Shanghai – see ‘Hacking: Chinese Army, Shanghai and You’) should be a step in the right direction.
Many organisations, however, may look at this initiative and conclude that, as the government is taking action, they don’t need to do anything. This would be seriously misguided. Anyone who says to themselves ‘we’re a small organisation, we don’t have to worry about cyberattacks…’ is likely to find themselves, sooner or later, on the receiving end of a cyber raid that removes valuable assets (client lists or other IP) or, more likely, a file of valuable user names and passwords (damaging their reputation and leading to a DPA nightmare) or, even more likely, money.
There are basic steps that every organisation should be taking to protect itself: penetration testing comes first, followed by staff awareness training and, logically, implementation of a structured, managed approach to information security, using the best practice international standard ISO27001.