An interview with Cybernews
Cyber security is a topic that’s talked about far and wide. Whether it’s due to the exponential increase in remote and now hybrid working over the last two years, nation-state tensions or the falling cost of launching a ransomware attack, everyone seems to be talking about it.
We’ve summarised the interview in this blog and linked to the full article at the bottom.
What challenges do you help navigate?
"The main challenges organisations face in terms of managing their cyber risk are a lack of people and/or in-house expertise. We support in-house teams or individuals by either fully outsourcing their Security Operations Centre (SOC) or integrating with any in-house resource to provide additional support. Our experts consult on building cyber strategies to protect key assets and identify threats and vulnerabilities, making companies more resilient over time."
"Increasingly, organisations are coming to us with supply chain cyber security issues and we can actively monitor third-party tools, as well as review feeds and messages from partners and suppliers to reduce supply chain risk. We have been involved in delivering supply chain training to some of our customers."
"We also work with organisations that are worried about obtaining cyber insurance, by helping them understand what insurers are asking for and how to satisfy their demands.”
What types of organisations should be more concerned about implementing proper risk management solutions?
"The NCSC guidelines state that all organisations should assume breach, which means that no organisation is safe, and everyone should prepare accordingly. It doesn’t matter if you’re a small start-up or employ thousands of people: if your organisation has operations, data, IP, or even just a strategy document that attackers can access, then that can be ransomed."
"There will be minimum cyber security requirements that certain types of organisations have to meet, which could perhaps be contractual. For example, if you’re part of the supply chain for a manufacturer or logistics company, then a competitive advantage can be gained from better cyber security. Likewise, regulated companies might need to prove that they have put certain security measures in place and are monitoring them."
Do you think small businesses and big enterprises should rely on the same security measures?
"The definition here of what constitutes a small or large enterprise is a moot point in terms of cyber security risk management. A small hedge fund with just a few employees could make millions of pounds of profit and hold a large amount of data, ranging from consumer transactions to social media and app data, which attackers could target if the organisation doesn’t have a strategy or the tools to protect it. So, the employee count is less relevant."
"However, just because an organisation grows and hits a certain number of employees or revenue, it does not mean to say that the cybersecurity tools in use will no longer work or that you need to massively increase the tech budget. Spending more on cyber security tools doesn’t automatically make your organisation more secure: it comes down to people, processes, and an appropriate security posture."
"Organisations need to identify and prioritise the risks they are facing and then tailor their measures to these potential threats. So, building that roadmap and protecting your crown jewels, like data, IP, or operations, is crucial. Then, as you grow your organisation, you build more into your cyber maturity program. If you are running a business and haven’t done that yet, then start as soon as possible!"