
Sustained commitment required for cybersecurity

#KingstonCognate introduces Bill Mew


Bill Mew is a key opinion leader, digital ethics campaigner and entrepreneur. As a key opinion leader, Bill focuses on striking the right balance between ‘meaningful protection’, where he has been ranked as the top global influencer for data privacy, and ‘the maximization of economic and social value’, where he is also one of the top influencers for everything from cybersecurity and digital transformation to govtech and smarter cities. He also appears weekly on TV/Radio (BBC, RT, etc.) as an expert on these topics, with more broadcast airtime than any other technologist in the UK.

As an entrepreneur, Bill is the founder and CEO of CrisisTeam.co.uk, where he works with an elite team of experts in incident response, cyber law, reputation management and social influence to help clients minimize the impact of cyber-attacks.

Complex challenges of cybersecurity

There are some challenges for which there is a simple, quick and easy solution, but most of our most significant challenges arise from threats that can only be addressed by changing our behaviour and sustaining a long-term commitment.

The 2021 Allianz Risk Barometer* lists the top business risks that leaders need to watch out for this year. Three of these risks stand out from all the rest:
1) Business Interruption, such as from supply chain disruptions,
2) Pandemic Outbreak, such as health and workforce issues or restrictions on movement, and
3) Cyber Incidents, including cybercrime, IT failure/outage, data breaches, fines and penalties.

Such massive challenges require long-term commitment to changes in behaviour. Nowhere is this more true than in a further challenge faced by society as a whole: climate change. Sustainability may well be the mantra for reducing our impact on the environment and reaching a new carbon-neutral equilibrium where we are no longer making things worse. It can also be applied to the level of commitment that will be required to achieve this: an all-encompassing commitment that will need to be sustained for decades to come if we are to meet our climate goals.

Similarly, the pandemic, with COVID-19 and all its variants, has required massive changes in our behaviour. We are likely to need to sustain many of these for some time to come. Thankfully though, there are masks and vaccines that can offer some protection and provide some light at the end of the tunnel. Nevertheless, dealing with current and future COVID variants is going to mean that many of these behaviours will need to be incorporated into a new way of life. Things will never go back to how they were, but there will be a new normal.

Cybersecurity is not just a tick-box


In many ways COVID, while the most immediate challenge, is actually easier to address than some of the others. There are no masks or vaccines that will make the climate challenge any easier. And while there have been a few COVID variants, on the cybersecurity front new vulnerabilities and malware variants are discovered almost daily. It will never be easy to sustain our commitment and focus on such endless challenges, but it is necessary nevertheless.

It is all too easy to take a tick-box approach to data protection, compliance and cybersecurity or delegate responsibility for these issues to individuals within an organisation and expect them to take full responsibility for it all. It is equally easy to take out cyber insurance and think of this as a substitute for adequate cybersecurity. The problem is that cybersecurity is everyone’s responsibility and it requires sustained commitment from us all.

So, what does “sustained commitment to cybersecurity” mean … and what does it not?

Sustained commitment to cybersecurity is not a tick-box exercise ... it is an organisation-wide cultural approach to valuing and protecting data.

Sustained commitment to cybersecurity is not just something that you delegate to the tech department ... it is a responsibility shared by absolutely everybody within the organisation, from the users that undertake phishing training and use multi-factor authentication (MFA), to the executives that provide adequate funding for cybersecurity and that actively participate in simulation exercises to test incident preparedness, as well as the IT and compliance teams.

Sustained commitment to cybersecurity is not a single solution exercise ... it is something that is applied end-to-end across the whole of your organisation. While antivirus tools and methodologies like Zero Trust are a good start, they need to be supplemented by detection, backups, encryption and a great deal more. And while encrypted communications are important, so is encryption of data at rest on servers, on storage devices and even on SSDs and encrypted USB drives.

Sustained commitment to cybersecurity is also about investment in skills. Cybersecurity skills are in short supply and retaining staff with the right skills can be a real challenge for smaller organisations. Thankfully some vendors are providing support to smaller organisations that lack the necessary specialist skills. An example of this is Kingston Technology’s Ask an Expert service.

Sustained commitment to cybersecurity is not just a short-term exercise ... it is something that needs to be sustained forever. After all, the landscape is constantly changing. New vulnerabilities and threats are being discovered almost daily. Cybercriminals are relentless opportunists. And the consequences of getting it wrong are considerable.

Sustained commitment to cybersecurity is not the same as having cyber insurance ... it is an absolute requirement that cannot be substituted. Indeed, regulators have warned that you shouldn't ever confuse cyber insurance with cybersecurity. Cyber insurance is only ever supplementary to cybersecurity and incident response, and never a substitute for either of them.

Commitment is key to cybersecurity success

This kind of comprehensive, sustained approach may seem daunting, but it is essential as cybersecurity is an asymmetric threat. We have never been as reliant on technology or as interconnected as we are now, and hence never so vulnerable. And while you need to sustain your defences all the time to ensure that they are always adequate, the attackers, as opportunists, only need to be lucky once. It could be a single phishing email or a single compromised USB drive that lets them in.

According to the Allianz Risk Barometer, global cybercrime is already causing a $1 trillion drag on the economy, a 50% jump from just two years ago. And things are getting worse. Recent supply chain attacks, such as the Hafnium attack on Microsoft Exchange servers and the SolarWinds hack, have impacted tens of thousands of organisations and we have seen an increase in the number and severity of ransomware attacks.

If cybersecurity is not already a boardroom issue at your organisation then it needs to be. And if you are not focused on a sustained approach to this challenge then this also needs to become a priority. Increasing numbers of organisations that have failed to recognise the threat have instead faced the consequences. Don’t let your organisation become another victim.

