Technology is critical to how modern companies operate and yet top-level executives still fail to appreciate the multi-dimensional nature of digital risk and that a company’s own staff remain its weakest link from a security perspective. The idea that technical solutions can be found to patch these human vulnerabilities is not just simplistic but is a major factor in many of the huge data breaches we have seen in recent years.
Cybercrime is a growing industry, with damages expected to reach $6tn (£5tn) annually by 2021. Old and unpatched IT systems are the most common target of these attacks, with the recent WannaCry infestation of NHS computers a key example of the difficulties of maintaining sprawling and varied IT infrastructure. Delaying computer upgrades may seem like a good way to save money in the short term, but when employees are still using Windows 7 machines in 2019, the digital world can be a very dangerous place.
Many companies have turned to the cloud as a way to reduce risks and cut costs, leaving updates and patches up to leading tech firms like Microsoft or Google. But the cloud is a technical solution and can inherently offer only limited protection against online threats, because hackers are more likely to gain access to a system via a phishing email with an infected link or attachment than by trying to brute force their way in with the help of a botnet.
Technological solutions do help in protecting company data, but only when combined with a more holistic approach to cyber defence will businesses be able to win the cyber war and keep their data out of the hands of hackers. As 5G and artificial intelligence become more mainstream, the avenues of attack will increase exponentially and only a knowledgeable and digitally aware workforce can keep a company one step ahead. Those in the tech sector expect most people to already understand the importance of using strong passwords and how to spot the difference between legitimate and phishing emails, but the fact that “123456” and “password” were still the most common passwords used by people in 2018 shows how far we still have to go with digital education.
In the past, many companies have treated data breaches as embarrassments to their reputation, but governments around the world are now legislating to protect customers and imposing significant fines against businesses that fall short in protecting customer data. Modern business insurance can include cover for compensation claims that arise after a company falls victim to a cyber-attack. However, those that have been negligent with their security may find their indemnity will not cover a fine under the GDPR. In the wake of British Airways’ £183m fine for failing to adequately protect its customers’ data, Information Commissioner Elizabeth Denham said: “When you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Companies now have a greater incentive than ever to develop a culture of digital responsibility throughout their workforce, where all employees understand the constant and evolving cyber threats against the company and how best to mitigate the risks.