“The UK government has to continue to communicate with boardrooms to help them understand increasingly capable cyber threats and the different options available to mitigate the likely financial impact,” says Alex Fidgen from MWR InfoSecurity.
The company issued the comment following the publication of the FT-ICSA survey results, which reported that nearly 80% of the boardrooms polled had not actively discussed, or seen, the UK Government’s guidance on tackling cybercrime.
Fidgen agreed with the survey that most UK boardrooms overlook the impact of potential IT security incidents and said: “Unless businesses start to calculate the value of the data they hold, and directly map this to the systems and networks on which it is stored and transmitted, they will always incorrectly align any security expenditure. It will not only be a waste of resources, they will be protecting the wrong assets or data locations.”
He added: “This happens because the appropriate security standards can only be decided and implemented if the business and IT areas communicate seamlessly, and traditionally this does not happen. Coupled with an increasingly capable number of foreign states who are routinely using cyber attacks to steal information or disrupt business, calculating the business impact is steadily becoming more important when communicating to a board the need to mitigate such risk.”
The attacks are becoming incredibly sophisticated in terms of the number of organisations targeted. Information is being taken from each and pieced together to provide the final goal for the attacker.
Fidgen said: “Before disregarding any attacker’s interest in an organisation, it is necessary to understand that whilst the information directly relevant to that company might not be of interest, the data they hold about their partners or clients could be the end target.”
He added: “It is a very complicated picture, but the end impact to a business can be substantial. The UK Government realises this, as do a growing number of large enterprise businesses. However, this number is still low, as supported by the survey results. This awareness within boardrooms has to change if we are to protect information critical to the future profitability of key business.”