a blue 2D illustration of a shield in a circle connected by circuit lines on a dark background

Sustained Commitment Required for Cybersecurity

#KingstonCognate introduces Bill Mew

Picture of Bill Mew

Bill Mew is a key opinion leader, digital ethics campaigner, and entrepreneur. As a key opinion leader, Bill focuses on striking the right balance between “meaningful protection,” where he has been ranked as the top global influencer for data privacy, and “the maximization of economic and social value,” where he is also one of the top influencers for everything from cybersecurity and digital transformation to govtech and smarter cities. He also makes weekly appearances on TV/radio (BBC, RT, etc.) as an expert on these topics—with more broadcast airtime than any other technologist in the UK.

As an entrepreneur, Bill is the founder and CEO of CrisisTeam.co.uk, where he works with an elite team of experts in incident response, cyber law, reputation management, and social influence to help clients minimize the impact of cyberattacks.

Complex Challenges of Cybersecurity

There are some challenges for which there is a simple, quick, and easy solution, but most of our most significant challenges arise from threats that can be addressed only by changing our behavior and sustaining a long-term commitment.

The 2021 Allianz Risk Barometer* lists the top business risks that leaders need to watch out for this year. Three of these risks stand out from all the rest:
1) Business Interruption, such as from supply chain disruptions,
2) Pandemic Outbreak, such as health and workforce issues or restrictions on movement, and
3) Cyber Incidents, including cybercrime, IT failure/outage, data breaches, fines, and penalties.

Such massive challenges require long-term commitment to changes in behavior. Nowhere is this more true than in a further challenge faced by society as a whole-climate change. Sustainability may well be the mantra for reducing our impact on the environment and reaching a new carbon-neutral equilibrium where we are no longer making things worse. It can also be applied to the level of commitment that will be required to achieve this-an all-encompassing commitment that will need to be sustained for decades to come if we are to meet our climate goals.

Similarly, the pandemic, COVID-19, and all its variants have required massive changes in our behavior. We are likely to need to sustain many of these for some time to come. Thankfully though, there are masks and vaccines that can offer some protection and provide some light at the end of the tunnel. Nevertheless, dealing with current and future COVID variants is going to mean that many of these behaviors will need to be incorporated into a new way of life. Things will never go back to how they were, but there will be a new normal.

Cybersecurity is Not Just a Checkbox

a hand behind with a lock illustration with circuit board and network lines with a cityscape in the background

In many ways COVID, while the most immediate challenge, is actually easier to address than some of the others. There are no masks or vaccines that will make the climate challenge any easier. And while there have been a few COVID variants, on the cybersecurity front new vulnerabilities and malware variants are discovered almost daily. It will never be easy to sustain our commitment and focus on such endless challenges, but it is necessary nonetheless.

It is all too easy to take a checkbox approach to data protection, compliance, and cybersecurity or delegate responsibility for these issues to individuals within an organization and expect them to take full responsibility for it all. It is equally easy to take out cyber insurance and think of this as a substitute for adequate cybersecurity. The problem is that cybersecurity is everyone’s responsibility and it requires sustained commitment from us all.

So, what does “sustained commitment to cybersecurity” mean … and what does it not?

Sustained commitment to cybersecurity is not a checkbox exercise ... it is an organization-wide cultural approach to valuing and protecting data.

Sustained commitment to cybersecurity is not just something you delegate to the tech department... it is a responsibility shared by absolutely everybody within the organization, from the users who complete phishing training and use multi-factor authentication (MFA), to the executives who provide adequate funding for cybersecurity and who actively participate in simulation exercises to test incident preparedness, as well as the IT and Compliance teams.

Sustained commitment to cybersecurity is not a single-solution exercise... it is something that is applied from end to end across the whole of your organization. While antivirus tools and methodologies like Zero Trust are a good start, they need to be supplemented by detection, backups, encryption, and a great deal more. And while encrypted communications is important, so is encryption of data at rest on servers, on storage devices, and even on SSDs and encrypted USB.

Sustained commitment to cybersecurity is also about investment in skills. Cybersecurity skills are in short supply and retaining staff with the right skills can be a real challenge for smaller organizations. Thankfully some vendors are providing support to smaller organizations that lack the necessary specialist skills. An example of this is Kingston Technology’s Ask an Expert service.

Sustained commitment to cybersecurity is not just a short term exercise... it is something that needs to be sustained forever. After all, the landscape is constantly changing. New vulnerabilities and threats are being discovered almost daily. Cybercriminals are relentless opportunists. And the consequences of getting it wrong are considerable.

Sustained commitment to cybersecurity is not the same as having cyber insurance... it is an absolute requirement that cannot be substituted. Indeed, regulators have warned that you shouldn't ever confuse cyber insurance with cybersecurity. Cyber insurance is only ever supplementary to cybersecurity and incident response, and never a substitute for either of them.

Commitment Is Key to Cybersecurity Success

This kind of comprehensive, sustained approach may seem daunting, but it is essential as cybersecurity is an asymmetric threat. We have never been as reliant on technology or as interconnected as we are now, and hence so vulnerable. And while you need to sustain your defenses all the time to ensure they are adequate all the time, the attackers as opportunists only need to be lucky once. It could be a single phishing email or a single compromised USB drive that lets them in.

According to the Allianz Risk Barometer, global cybercrime is already causing a $1 trillion drag on the economy-a 50% jump from just two years ago. And things are getting worse. Recent supply chain attacks, such as the Hafnium attack on Microsoft Exchange servers and the Solarwinds hack, have impacted tens of thousands of organizations and we have seen an increase in the number and severity of ransomware attacks.

If cybersecurity is not already a boardroom issue at your organization, then it needs to be. And if you are not focused on a sustained approach to this challenge, then this also needs to become a priority. Increasing numbers of organizations that have failed to recognize the threat have instead faced the consequences-don’t let your organization become another victim.


Ask an Expert

Kingston can offer you an independent opinion on whether the configuration you’re currently using, or planning to use is right for your organisation.

Self-encrypted SSDs

We offer advice on what benefits SSDs will bring to your specific storage environment and which SSD is most suitable for your mobile workforce to ensure you are working securely on the go.

Ask an SSD Expert

Encrypted USB Drives

We offer advice on what benefits using Encrypted USB will bring to your organisation & which drive is best suited to your business needs.

Ask a USB Expert