UK Cybersecurity Strategy: 5 Things To Keep In Mind
Melissa Stevens | May 5, 2016
We’ll start by saying there isn’t anything inherently different about a U.K. cybersecurity strategy compared to one in, say, the U.S. But many countries do face some specific cybersecurity strategy challenges, whether they’re regulatory or situational—and the U.K. is no exception.
With this in mind, we’ve outlined five things to keep in mind as you formulate your strategy to protect your organisation.
1. Learn to mitigate insider threats by monitoring permissions.
Every organisation should make it a goal to provide employees with the level of network access they need to do their job and nothing more. The majority of employees do not need access to every single piece of data in an organisation—and if you give out unlimited access to your corporate network, you’re drastically increasing your chances of an insider-based cyberattack.
A recent InfoSecurity article highlighted how cybersecurity incidents have increased in the U.K. over the last year and how insiders are playing a major role in this. Andrew Dalglish, the director of Circle Research, notes:
“Not only are security breaches becoming more lucrative for attackers, research highlights that the weakest link in many businesses' security systems often comes from within... Intentional or not, the very people working for a business can pose the biggest threat to its security and the security of customer data.”
3. Prepare employees by running tabletop exercises.
According to a study done recently by AXELOS, many U.K. organisations are not properly training employees on cybersecurity. The research shows that “82 percent of companies in the UK are using traditional learning methods that include information security training on computers and e-learning,” while “less than a third use newer methods such as animations, games and simulations.” And while 99% of respondents in senior management believe training helps mitigate security risk, only 47% are changing their training tactics based on employee actions.
One of the best ways to ensure your employees are prepared for cybersecurity practices is to run tabletop exercises before a breach occurs. Don’t forget to put plans in place for notifying law enforcement, forensics firms, customers, and investors and dealing with potential financial or reputational harm.
4. Know precisely where your data is located.
A recent study by UKFast, as reported by SC Magazine, showed that 47% of IT leaders in EU organisations do not know the “geographical location” of their “critical and personal data.” Lawrence Jones, CEO of UKFast, notes, “This is a big issue for British businesses. If they don't know where their data is being stored then how can they reassure their customers, or the courts, that it is secure and not at risk of interference?”
Not only should you know the physical location of your data, but you should also know who has access to it, why, and to what degree. These are all vital aspects of your cybersecurity strategy.
5. Keep government and EU regulations at the forefront of your mind.
The U.K. seems to be experiencing a number of high-profile data breaches as of late—but this could simply be a byproduct of the requirement of public disclosure. At any rate, it is clear that the government has recognised the importance of proper cybersecurity and agrees that U.K. businesses need to be doing something about it. There are many materials offered by the government in regard to cybersecurity, but a great deal of them are very high-level and don’t provide the detail-laden information you need to create a comprehensive cybersecurity strategy.
You may already have a cybersecurity strategy in place, but it might be past time to review it and ensure that you’re covering your organisation as comprehensively as possible. A major cybersecurity breach can spell catastrophe—and while you can’t completely avoid this kind of attack, you can have proper controls in place to mitigate its effects.