Organisations are collectively being asked to act now to counter today's heightened cybersecurity risk. Last week, an article was published in the Times, written by Steve Barclay, Chancellor of the Duchy of Lancaster and No 10 Chief of Staff, and Tony Danker, Director General of the CBI.
This follows from our previous article detailing why the Russian invasion of Ukraine is significant to business owners and the consequential advice from the National Cyber Security Centre (NCSC). This article summarises advice by Government and the CBI in The Times article:
Understand the threats by watching our webinar recording and downloading the slides.
Cyberattack risk heightened by Russian invasion
The invasion of Ukraine by Russia has increased the urgency of tackling cybersecurity. As Russia's economy shrinks as a result of sanctions, more cybercriminals will turn to the West and the United Kingdom.
Human error is often the weakest link
The greatest weakness in cyber defences is often human error.
The theft of a single password prompted the attack on America's Colonial Pipeline, which caused an abrupt shutdown for 6 days and impacted the lives of millions owing to supply shortages, a fuel price hike, and petrol stations running dry.
This is not a Government or corporate issue – it is a collective issue. It can affect an organisation of any size. A cyberattack has no geographical or physical borders. Two out of every five UK businesses were hit by a cyberattack or attempted breach in the previous year. If the United Kingdom is to be protected, then government and businesses must work together.
CBI and Government advice to businesses
1. Stress-test your supply chain
Companies must stress test the cybersecurity of their whole supply chains, down to the smallest partner, because any hole can be exploited.
The CBI and Government are calling on businesses to work together and treat cybersecurity as a core boardroom responsibility, on an equal footing with financial and other risks. Please consider:
Is cybersecurity on your regular leadership meeting agenda?
Do you discuss cybersecurity with your industry peers?
If you are part of a business network and are looking for a guest speaker for cybersecurity, get in touch with us and we can offer guidance, resources and advice to your network.
3. Report cyberattacks
Cybercriminals thrive on businesses' hesitancy to share their experiences.
Please notify your IT team and the NCSC Incident Management team of any cyberattacks. Your organisation will be supported and this will lead to a better collective understanding of how to combat future threats more effectively.
When something goes wrong, it's normal to be reluctant to disclose your experience, but cybersecurity is one area where rivalry does not help. A cyberattack on your nearest competitor is likely to have an impact on your organisation and entire industry. Cooperation and sharing of lessons between organisations will make the customers and public that you serve safer.
4. Follow Cyber Essentials
Organisations are recommended to follow Cyber Essentials accreditation guidance at all levels to be better protected. Find out why the UK Government recommends Cyber Essentials as a base level of cybersecurity and how it could be implemented in your business:
5. Report scams
Encourage all of your team to report scams, even those received in their personal emails or SMS messages. All members of the public can help by reporting email scams to the NCSC, which helps to remove scams from the internet.
6. Address human error
We can all learn from the mistakes of the Colonial Pipeline cyberattack, caused by the theft of a single password. The password in question hadn’t been changed from its factory default. Every business can easily implement:
The days of saving passwords in a Word document are long gone. Delete any such documents; we recommend that every team member downloads a password manager.
A password manager safely stores and remembers all of your passwords. It also creates complex, random passwords on your behalf that can’t be guessed, so you don’t have to ‘think’ about creating a complex password.
We can help our existing clients to adopt a password manager across your business. Book time with our Cyber Consultant for a demo.