In a (hastily withdrawn because published ahead of its official release date) news article describing the findings of the Information Security Breaches Survey 2013, the UK’s Department for Business, Innovation and Skills (BIS) will tomorrow (Tuesday 23 April) report that 87% of small firms in the UK experienced a security breach last year, and that 93% of large firms had also been targeted. Some of the incidents caused more than £1 million in damages. The median number of breaches suffered by large organisations rose from 71 to 113 and, for small firms, from 11 to 17.
UK firms are clearly not doing a good job of preparing for or responding to cyber attacks.
The UK’s Universities and Science Minister will apparently say tomorrow:
“Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents.”
I agree. There are simple steps that can be taken to prevent the majority of incidents. Step 1 is to find the open windows in your network, and close them. This means that the first and most basic cyber security step is to identify cyber vulnerabilities in your Internet connections and websites – and then to patch them. This is relatively straightforward – an externally-commissioned vulnerability and penetration test (and there are easy-to-purchase, fixed price penetration testing packages available, as well as more customised services) will give you all the information that you need, both about vulnerabilities and what you need to patch them – but you need to commission such a test as fast as possible.
You could read this Green Paper on penetration testing and ISo27001 – but cyber-attackers aren’t about to slow down their activity – so you’ve got to start getting ahead – the faster you check your basic security, the faster you’re able to take remediation action to protect yourself and your valuable corporate assets.
