BT AND KPMG WARN BUSINESSES AGAINST CYBER
SECURITY TRAPS
SECURITY TRAPS
Investing in IT security products alone is no
silver bullet in battle against cyber crime
silver bullet in battle against cyber crime
SINGAPORE, 22
AUGUST 2017 – In
the wake of high-profile global ransomware attacks such as WannaCry and Petya,
BT and KPMG have released a new cyber security report offering practical advice
to businesses of all sizes on how best to manage their security journey and
turn it into a business opportunity.
AUGUST 2017 – In
the wake of high-profile global ransomware attacks such as WannaCry and Petya,
BT and KPMG have released a new cyber security report offering practical advice
to businesses of all sizes on how best to manage their security journey and
turn it into a business opportunity.
The new report, “The
cyber security journey – from denial to opportunity”, warns businesses
against falling into dangerous traps as they deal with the complexity of
securing a digital enterprise. These include being stuck in ‘Denial’ and
‘Worry’ phases at one end of the spectrum, and ‘False Confidence’ and ‘Hard
Lessons’ at the other end.
cyber security journey – from denial to opportunity”, warns businesses
against falling into dangerous traps as they deal with the complexity of
securing a digital enterprise. These include being stuck in ‘Denial’ and
‘Worry’ phases at one end of the spectrum, and ‘False Confidence’ and ‘Hard
Lessons’ at the other end.
While the report
stresses that investment in technology such as firewalls and antivirus
protection is essential ‘good housekeeping’ practice at the start of the
security journey, firms should avoid throwing money away on IT security
products as a knee-jerk reaction. This is especially true for companies who
have matured from the stage of ‘denial’ into the stage of constant ‘worry’,
where investing in the latest technology can be viewed as the silver bullet to
the problem. This common mistake can make firms a target, not just for cyber
criminals, but also for over-zealous IT salespeople.
stresses that investment in technology such as firewalls and antivirus
protection is essential ‘good housekeeping’ practice at the start of the
security journey, firms should avoid throwing money away on IT security
products as a knee-jerk reaction. This is especially true for companies who
have matured from the stage of ‘denial’ into the stage of constant ‘worry’,
where investing in the latest technology can be viewed as the silver bullet to
the problem. This common mistake can make firms a target, not just for cyber
criminals, but also for over-zealous IT salespeople.
Businesses must first
assess their current controls against industry best practices, such as guidance
and available resources offered by the Cyber Security Agency of Singapore, to
identify any gaps and prioritise essential areas in which to address.
Furthermore, everyone in the organisation, from the board down, must take
responsibility for maintaining high standards of cyber hygiene, while
businesses must invest in training and raise awareness amongst staff. This can
help turn employees from the weakest point in any security chain into every
company’s greatest asset in the fight to protect data.
assess their current controls against industry best practices, such as guidance
and available resources offered by the Cyber Security Agency of Singapore, to
identify any gaps and prioritise essential areas in which to address.
Furthermore, everyone in the organisation, from the board down, must take
responsibility for maintaining high standards of cyber hygiene, while
businesses must invest in training and raise awareness amongst staff. This can
help turn employees from the weakest point in any security chain into every
company’s greatest asset in the fight to protect data.
Mark Hughes, CEO, BT
Security, said: “The global scale of the recent ransomware attacks showed the
astonishing speed at which even the most unsophisticated of attacks can spread
around the world. Many organisations could have avoided these attacks by
maintaining better standards of cyber hygiene and getting the basics right.
These global incidents remind us that every business today – from the smallest
sole trader through to SMEs and large multinational corporations – needs to get
to grips with managing the security of their IT estate, as well as their people
and processes. This report aims to help secure the digital enterprise by
navigating businesses through their cyber security journey.”
Security, said: “The global scale of the recent ransomware attacks showed the
astonishing speed at which even the most unsophisticated of attacks can spread
around the world. Many organisations could have avoided these attacks by
maintaining better standards of cyber hygiene and getting the basics right.
These global incidents remind us that every business today – from the smallest
sole trader through to SMEs and large multinational corporations – needs to get
to grips with managing the security of their IT estate, as well as their people
and processes. This report aims to help secure the digital enterprise by
navigating businesses through their cyber security journey.”
David Ferbrache,
Technical Director in KPMG’s cyber security practice, said: “The recent spate
of cyber-attacks is keeping cyber risk at the top of the business agenda, and
as such investments are being made. The business community needs to avoid
knee-jerk reactions as cyber security is a journey – not a one size fits all
issue, and getting the basics like patching and back-ups right matters. It’s
important to build a security culture, raise awareness amongst staff, and
remember that security needs to enable business, not prevent it.
Technical Director in KPMG’s cyber security practice, said: “The recent spate
of cyber-attacks is keeping cyber risk at the top of the business agenda, and
as such investments are being made. The business community needs to avoid
knee-jerk reactions as cyber security is a journey – not a one size fits all
issue, and getting the basics like patching and back-ups right matters. It’s
important to build a security culture, raise awareness amongst staff, and
remember that security needs to enable business, not prevent it.
“Cyber threats are
evolving and businesses face ruthless criminal entrepreneurs. The solution
isn’t jargon ridden technology silver bullets but one that involves a community
effort in a world where business boundaries are vanishing. With criminals
getting increasingly creative about finding the weakest link, the CISOs of the
future need to care about digital risk, help the business seize opportunities
and build cyber resilience.”
evolving and businesses face ruthless criminal entrepreneurs. The solution
isn’t jargon ridden technology silver bullets but one that involves a community
effort in a world where business boundaries are vanishing. With criminals
getting increasingly creative about finding the weakest link, the CISOs of the
future need to care about digital risk, help the business seize opportunities
and build cyber resilience.”
Although cyber
security issues are increasingly discussed at board level today, the report
claims that those discussions are too infrequent and are treated as a separate
and disconnected issue from broader operational risk. All too often, the issue
of cyber security is not incorporated into the overarching business strategy.
security issues are increasingly discussed at board level today, the report
claims that those discussions are too infrequent and are treated as a separate
and disconnected issue from broader operational risk. All too often, the issue
of cyber security is not incorporated into the overarching business strategy.
The report also argues
that overly complex IT architecture can worsen security gaps. This is
especially the case if the technology deployed is too difficult to use or there
is a lack of integration.
that overly complex IT architecture can worsen security gaps. This is
especially the case if the technology deployed is too difficult to use or there
is a lack of integration.
In order to address
these risks and gain true leadership in cyber security, the report calls on
firms to focus on good governance processes, the proper integration of
technologies and to consider outsourcing some less critical aspects of their
security to a trusted partner. This, combined with the sharing of intelligence,
good practice and hard-won lessons among a network of peers and beyond would
put the company in a position to think about cyber security differently.
Namely, not as a risk which is discussed by the board perhaps twice a year, but
as a business opportunity and enabler for digital transformation.
these risks and gain true leadership in cyber security, the report calls on
firms to focus on good governance processes, the proper integration of
technologies and to consider outsourcing some less critical aspects of their
security to a trusted partner. This, combined with the sharing of intelligence,
good practice and hard-won lessons among a network of peers and beyond would
put the company in a position to think about cyber security differently.
Namely, not as a risk which is discussed by the board perhaps twice a year, but
as a business opportunity and enabler for digital transformation.
The report comes at a
time especially relevant to Singapore as the country embarks on a holistic,
national cyber security strategy to ensure industries, businesses and the
nation embrace digitalisation and transformation in a safe, secure environment.
time especially relevant to Singapore as the country embarks on a holistic,
national cyber security strategy to ensure industries, businesses and the
nation embrace digitalisation and transformation in a safe, secure environment.
The BT-KPMG report is
available for download at http://www.globalservices.bt.com/uk/en/point-of-view/cyberjourney
available for download at http://www.globalservices.bt.com/uk/en/point-of-view/cyberjourney
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
