Cybersecurity Advice For SMEs

Synopsis

We are at the beginning of an electronic revolution that, like earlier industrial revolutions, will substantially change our society, the way we live and our engagement with others, and this one will also alter us as individuals.

This revolution is a significant development and integration of digital, physical and biological systems which will change our individual, national and global electronics. It has been called a Cyber Innovation or Web 0.3, but is probably best described as the 4th Industrial Revolution.

This transformation will completely alter the way we live and experience life and it will happen far faster than previous industrial revolutions. 

This new electronic revolution is developing by employing emerging computing technologies such as cognitive electronics and using advanced analysis, nanotechnology, biotechnology, and quantum computing to develop everything from new methods of commercial production, to specific recognition and robotic bio-technology. 

This process will alter everything from enhanced human brain thinking to automated avionics and robotics, and it will change all types of jobs within education, business, policing, the military and government.

By connecting even more billions of people using mobile devices, electronic connections, storage capability, information accessibility and processing power, this revolution will substantially increase the size of the interconnected world.
This interconnected world of cyber offers enormous opportunities to gain understanding, insightful data, commercial expansion and government interconnection, all of which can seriously improve an individual’s knowledge, jobs and potential. Perhaps more importantly, this revolution is already positively and negatively altering our geo-politics and macro-economic development.

The benefits that arise from these relatively recent electronic developments, such as cloud and cognitive computing, are beginning to become enormously influential. However, cyberspace also includes hacker criminal threats, and the growing arena of cyber-warfare.

The potential for engaging with and countering cyber-crime comes in many new and unique ways, one of which is Automated Content Recognition technologies. These can extract visual data from thousands of information streams simultaneously and use new algorithms that can search these cloud-based indexes in seconds. This produces a specific, relevant answer within seconds, something that would have taken hours and probably days using a human analyst's production process.

Some of the latest AI techniques allow users to identify specific moments or in-video elements with extreme accuracy. Whether it is facial recognition for national security purposes or tracking products to monitor ad spends, this technology has for instance the power to revolutionise how a range of industries use video to effect business and sometimes to monitor potential cyber-crime.

Everyone, from governments and commercial organisations to you as individuals, needs new understanding, strategies and specific tactics using Cyber’s outlook and potential. This requires a change in perspective, continued research and changes to working methods, employing the relevant technology that projects into the new interconnected global future. It is very important that individuals, commerce, police forces, the military and all other aspects of government create and continually review an electronic cyber strategy, ensuring that this is used in their tactics on the ground. The results will be far more effective, precise and relevant than can be achieved using traditional methodologies.

Each strategy should incorporate the different areas of electronic relevance to government, commerce and individuals that offer real opportunities for globally connected future progress, while ensuring that capable security is implemented and continually updated.

This 4th Revolution employs deep data analysis with interconnections and links to Bio-technology, Artificial Intelligence, robotics and the Internet of Things which will significantly alter us as humans and the places we work and live. 

When used well these processes ensure our security, as well as significantly improving the broader issues of global and national macro-economics, intelligence, law enforcement and geo-politics. 

When misused by criminals and cyber warfare activists, this transformation has the potential for catastrophic outcomes. This book aims to reduce these potentials by informing and engaging with every reader to ensure that our positive potential and security are focused to build a very secure and opportunistic potential for the 4th Industrial Revolution.

Current Situation

This new expanding area known as CyberSpace can be visualised as a vital electronic layer, similar to a nervous system running through many national and international sectors and systems. The electronic arena offers us ways to understand and communicate with different communities and commercial activities and to have global conversations, allowing us opportunities to change activities and to alter what we, as individuals, understand, and what the organisations we work for and with will become in the future.

Cyberspace has already transformed many areas of an organisation’s operational and commercial engagement. It is evolving from a technical and often complex ecosystem, into a range of global and tactical actions, and has now broadened into a strategic systems planning requirement. 

From an individual’s viewpoint these systems, if used well, offer an enormous amount of connectivity, data sharing and analysis that can really expand their views on the governance, intellectual progress and potential for work specialisation and productivity going forward.

These cyber systems and their engagement require far more management and employee understanding, and this involvement cannot be left just to technologists. Individuals, politicians, business employees and management must engage with and understand the strategic plans, commercial opportunities and security implications.

The very nature of the Internet creates global collaboration that is changing the way in which we view social connections and national borders. Now the modern globalised society is increasingly dependent on an array of organised and sometimes randomly interrelated electronic infrastructures. 

Many organisations see Cyber as a growing intellectually connected strategic and tactical policy network that has current and evolving opinion, news analysis and opportunities, but with significant security issues that can be used to steal and monitor an individual’s and an organisation’s data.

Networks leave "exhaust" data, which relates to the activities and transactions of network traders and collaborators, and which in turn tells us forensically much about what happened with the data’s use. We are unable to trap and reutilise this in the physical world, but in the cyber world we can. This is the powerful data that makes networks more efficient, individuals and customers better served, and companies more knowledgeable. It is also a huge source of insecurity, and we have tended to trade off these disadvantages against the upside, but we should do so no more.

The process now requires thoughtful planning, tactical implementations and far more electronic security and thoughtful analysis and potential opportunity understanding than it did even a few years ago. 

The changes that this technology brought to individual analysis processes have been incredibly significant; however, the revolution will really occur once the digital cyber inter-connectivity is fully employed.

All of these issues need to be understood and engaged with from an individual level through to senior management level. This certainly includes those who are not necessarily completely engaged with IT issues, as aspects of this change will affect all individuals, their social engagement and their working and national life, no matter what type of work, research or social life they are part of.

From a strategic and tactical point of view, you should imagine all or even some of your company’s confidential information being released into public knowledge. How would your customers, clients and employees react?
This type of overwhelming information release would compromise the reliability of your entire business and all current and future opportunities. As organisations of all sizes increase their dependency on information technology, potential technology breaches increase.

Most large commercial organisations have actively included cyber risk management in their business strategy, and within these businesses there is a wider understanding and awareness of the need for an inclusive and holistic cyber security threats analysis.

Cyber systems damage or failure from hacking or malware attacks can take down an organisation’s operations, ruin its relationships with clients and customers, and result in severe public relations and media coverage.

However, unlike large organisations, small and medium-sized enterprises (SMEs) generally do not regard cyber risk as a strategic component in their business model, despite the fact that cyber risk for SMEs is a real and growing phenomenon.
These attacks affect the confidence of suppliers and employees in the current and future business operations. Large organisations have, in most cases, now included cyber security in their management planning. However, unlike the larger examples, most SMEs (Small and Medium Sized Enterprises) have not clearly understood or analysed their own cyber risks.
Unfortunately, cyber as a risk is not reducing; in fact it is a growing invasion of all areas of the commerce, non-profit, charity and government sectors.

SMEs make up over 99% of the UK economy and are usually defined as each having fewer than 500 employees, many with far fewer. SMEs have not adequately understood the risks, security issues and implications, or in fact the commercial opportunities that cyber analysis and discussion makes available for current business activity and future strategies.

We suggest that CyberSecurity teams are created that include the CIO/IT Director, and that they regularly report about Cyber directly to the main board of the organisation, so that the board can fully understand and engage with the expanding Cyber security implications, threats and opportunities.

From an operations perspective, we propose that independent teams should be used to review and randomly check security processes, procedures, data and market opportunities on an irregular and regular basis.
The security teams would be similar in concept to the Annual Financial Audits that are now legally required of most organisations. The Cyber Security Audits team would be independent of the IT department and its day-to-day operations. It should act as an independent Audit Team on an irregular basis throughout the year and frequently report back to senior management on changes to security and on current and future Cyber plans, and the team should produce current Cyber Security Audit Reports.

In the world of SMEs, most have not clearly understood the risks and security implications, and are often unaware of current cyber attacks on their own business information or attacks on their commercial sector.
They do not train staff to recognise phishing emails and their management tends to think that the whole issue is an IT problem or a Cloud provider issue.

Also, senior management often think that they have reduced the problem by using cyber insurance. However, effective cyber insurance for most SMEs does not currently exist: less than four percent of SMEs have effective cyber insurance cover, whereas over half of larger corporates have very effective insurance cover.

Conclusions

Cyber must be put on the agenda of Board Meetings of SMEs, where it should be discussed, and training and analysis should be implemented across the organisation as an on-going activity.

GDPR will begin to focus some attention but the Board must be made aware of the risks that this legislation highlights for their organisation.

Most businesses require a Chief Information Security Officer (CISO) either on the Board or directly reporting to it.
In the near future GDPR has a darker side for most organisations, which is called Subject Access Requests (SARs), where the general public can ask an organisation what recorded information it has about the individual. If enough of these requests come together, this could flood and take down an organisation’s ability to adequately respond, and the organisation will break the GDPR law.

Finally, if your organisation is still using unencrypted USB devices to store EU people’s data, then Articles 32 and 34 of GDPR make it clear that data has to be encrypted to ensure compliance and to avoid expensive fines.

Alfred Rolington - GDPR Advisory Board
