Cyber security: time to get serious?

Last week in the US, a Georgia county paid a ransomware criminal $400,000 (about £302,000) to release its IT systems. The malware resulted in almost the entire local government system taken offline and processes revert to paper; officials decided that it would be faster and less expensive to pay the ransom than to try to recover the systems without the decryption key.

Elsewhere, Citrix admitted it is working with the FBI to mitigate the effects of a password-spraying attack that enabled a state-level attacker to compromise 6TB of data, including emails, blueprints and other documents.

EY’s recent Global Information Security Survey identified that 87% of organisations “do not yet have a sufficient budget to provide the levels of cybersecurity and resilience they want.”

As though the damaging costs of failed cyber security are not already obvious, the next few months will (in the UK, as investigations triggered last year come to their conclusion) also see the start of sustained regulatory action in relation to GDPR enforcement.

Brexit is generating a lot of noise right now, but don’t let that divert you from increasing investment in all aspects of your cyber security and privacy strategies. If you don’t yet have an executable cyber security and privacy strategy, it really is time to get serious.