CBI and Government advise 'Business unity essential to beat cyberattacks'

Organisations are collectively being asked to act now to counter today's heightened cybersecurity risk. Last week, an article was published in the Times, written by Steve Barclay, Chancellor of the Duchy of Lancaster and No 10 Chief of Staff, and Tony Danker, Director General of the CBI.

This follows from our previous article detailing why the Russian invasion of Ukraine is significant to business owners and the consequential advice from the National Cyber Security Centre (NCSC). This article summarises advice by Government and the CBI in The Times article:

Key takeaways

Cyberattack risk heightened by Russian invasion

The invasion of Ukraine by Russia has increased the urgency of tackling cybersecurity. As Russia's economy shrinks as a result of sanctions, more cybercriminals will turn to the West and the United Kingdom.

Human error is often the weakest link

The greatest weakness in cyber defenses is often human error.

The theft of a single password prompted the attack on America's Colonial Pipeline, which caused an abrupt shut down for 6 days and impacted the lives of millions owing to supply shortages, a fuel price hike, and petrol stations running dry.

Collective issue

This is not a Government or corporate issue – it is a collective issue. It can affect any sized organisation. A cyberattack has no geographical or physical borders. Two out of every five UK businesses were hit by a cyberattack or attempted breach in the previous year. If the United Kingdom is to be protected, then government and businesses must work together.

CBI and Government advice to businesses

1. Stress-test your supply chain

Companies must stress test the cybersecurity of their whole supply chains, down to the smallest partner, because any hole can be exploited.

Superfast IT clients can book time with a Cyber Consultant to discuss this further.

2. Boardroom responsibility

The CBI and Government are calling on businesses to work together and treat cybersecurity as a core boardroom responsibility, with equal threat to financial and other risks. Please consider:

• Is cybersecurity on your regular leadership meeting agenda?

• Do you discuss cybersecurity with your industry peers?

If you are part of a business network and are looking for a guest speaker for cybersecurity, get in touch with us and we can offer guidance, resources and advice to your network.

3. Report cyberattacks

Cybercriminals thrive from businesses' hesitancy to share their experiences.

Please notify your IT team and the NCSC Incident Management team of any cyberattacks. Your organisation will be supported and this will lead to a better collective understanding of how to combat future threats more effectively.

When something goes wrong, it's normal to be reluctant to disclose your experience, but cybersecurity is one area where rivalry does not help. A cyberattack on your nearest competitor is likely to have an impact on your organisation and entire industry. Cooperation and sharing of lessons between organisations will make the customers and public that you serve, safer.

4. Follow Cyber Essentials

Organisations are recommended to follow Cyber Essentials accreditation guidance at all levels to be better protected. Find out why the UK Government recommends Cyber Essential as a base level of cybersecurity and how it could be implemented to your business:

5. Report scams

Encourage all of your team to report scams, even in their personal emails/sms. All members of the public can help by reporting email scams to the NCSC and help to remove scams from the internet.

6. Address human error

We can all learn from the mistakes of the Colonial Pipeline cyberattack, caused by the theft of a single password. The password in questionth hadn’t been changed from its factory default. Every business can easily implement:

1. Password policy

   Book time with our Cyber Consultants to receive a template Password Policy and demonstrate to your team that your take password security seriously.

2. Get a password manager

   The days of saving passwords in a word document are far outdated. Delete any such documents and we recommend every team member downloads a password manager.

   A password manager safely stores and remembers all of your passwords. It also creates complex, random passwords on your behalf, that can’t be guessed, so you don’t have to ‘think’ about creating a complex password.

We can help our existing clients to adopt a password manager across your business. Book time with our Cyber Consultant for a demo.