ETL Blog

4 minutes reading time (781 words)

Is cyber security still being side-lined and if so why?


Technological developments are taking place at an incredible speed which enables businesses to be more efficient, in terms of both time and money. Despite these benefits, technological advancements have also brought a new set of threats and challenges that many businesses have never experienced before. As a result of this, companies need to learn how to deal with these new phenomena in order to best protect themselves.

The recent global ransomware attacks on the NHS and other services have brought cyber-security into the limelight. Cyber-security is defined as the protection of all systems, networks and data from theft, damage or disruption (itgovernance, 2017). It has been reported that there have been attempts to attack organisations beyond the National Health Service (National Cyber Security Centre, 2017). It is therefore vitally important that businesses of all sizes prioritise online security as an area that is worthy of investment.

Why is it vital for all companies to invest in cybersecurity?

Cyber security is not a problem that can be fixed indefinitely with the purchase of one particular piece of software. It is dynamic and ever-changing, therefore requiring an ongoing process of risk assessment and safeguarding. Cyber-attacks are almost impossible to predict but with sufficient security and preventative measures, their impact can be minimised.

Hackers are constantly learning new tricks and developing new ways to breach security measures. Cyber criminals are able to buy inexpensive hacking software from the internet, meaning that it is becoming increasingly easy for these individuals to get hold of private information and misuse it.

The insider threat to a business from its' own staff and contractors should not be overlooked. Internal security procedures and policies must be communicated effectively to staff at induction and on a regular basis thereafter.

So, what is stopping companies from investing?

One common reason why financial decision makers may decide not to invest in cyber security for their business is because of the idea that 'if it ain't broke, don't fix it'. If the company has not been targeted before, they may not see any reason to invest further into cybersecurity measures. In reality however, an attack could be imminent which could potentially have devastating effects on the business. The fact that a business has not been targeted in the past does not mean that it will not be targeted in the future; a realisation that is reinforced by the recent ransomware attacks on the NHS.

A common misconception by some companies is that simply complying with relevant security legislation is enough to protect them. The ISO 27000 family of standards, for example, helps organisations of all sizes to keep its information secure through providing recommendations for an Information Security Management System (ISO, 2017). This will help a business to protect its information assets in cyberspace, but alone it is not necessarily enough to protect them from a targeted ransomware attack. Some CEOs or financial decision makers may have a lack of knowledge or awareness about the level of risk, therefore not enough investment is put into cyber-security.

What does the solution look like and how can we get there?

To put it simply, there is not one overall solution to protect a company from cyber-attacks, but there are many different measures which can be implemented to reduce the harmful effects of an attack. It is about finding and fixing problems – not building huge defences. It is probably impossible for a company to be 100% protected against cyber-attacks. The focus should be on creating an internal process which finds bugs or vulnerabilities and works to restore them - in turn improving the cyber-security of the business.

Another way that a business can be made safer is to ensure that financial decision makers understand the detrimental impacts that a cyber-attack could have on the company, for example; loss of sensitive data, negative effects on the company's reputation, the significant financial cost of a breach to the network and the reduced productivity in the long-run.

Finally, it can be very helpful to liaise with other companies within the same industry sector to discover the cyber-security measures that they are adopting and how effective these are. This is useful in highlighting your company's current position and what needs to be improved in the future to bring the company into line with other market leaders.

Simple precautions that all companies can take in order to avoid 'Ransomware' attacks:

Recommendations by the National Cyber Security Centre (Part of Government Communications Headquarters) are as follows:

  1. Keep your organisation's security software patches up to date
  2. Use proper antivirus software services and ensure they are also kept up to date
  3. Most importantly for ransomware, back up the data that matters to you, because you can't be held to ransom for data you hold somewhere else.

CTO Andrew Sheldon talks to Schools Equipment News...
4th edition of Electronic Evidence published

Related Posts



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 22 January 2021

EasyBlog - Latest Blogs Module

EasyBlog - Random Post Module

26 January 2017
​Andrew Sheldon at Evidence Talks, explains what can be done to investigate abusive and illegal activities to ensure digital safety. Full Story...
05 May 2017
CTO of Evidence Talks Andrew Sheldon has worked as a contributing author on the 4th Edition of Electronic Evidence.In this updated edition of the well-established practitioner text, Stephen Mason and ...
22 August 2018
 CTO Andrew Sheldon discusses the SPEKTOR product family and their use to collect and analyse data from electronic and digital devices.Watch the video here....
19 April 2017
Digital Forensics
​Our CTO Andrew Sheldon, one of the UK's leading experts in the field of digital forensics technology and application, explains how the corporate community can protect their business interests and aid...
22 August 2018
 Forensics specialist Evidence Talks used the recent Special Operations Forces Industry Conference (SOFIC) in Tampa, Florida to announce the arrival of the company's SPEKTOR Ultra solution for ra...

Subscribe To Our Newsletter

Copyright. All Rights Reserved Evidence Talks 2020
Click here to see our Privacy Policy