Support: 0330 332 7933 Sales: 0808 500 1436

Whose role is it to tackle cyber security?

I am sure you’ve noticed that the threats to online security are constantly evolving, and have become increasingly sophisticated. At Intercity, we make it our job to ensure we’re experts on the latest security threat vectors, from mobile malware, phishing and DDoS attacks, to common rogue insider activities.

But it seems, no matter how seriously we take cyber security, many businesses are still falling short — latest figures show that over four in ten UK businesses and two in ten charities suffered a cyber breach or attack in the past 12 months.

And the most common attack? Fraudulent emails followed by cyber criminals impersonating an organisation.

Ensuring your business is cyber secure should be without question. And there are various ways of doing so, whether it is on-premise security or a cloud-based Security as a Service (SECaaS). The bigger question, perhaps, is not how to secure your business, but who takes ownership of this cyber security process?

Cyber security is more than just IT

Often, the burden of responsibility of cyber security falls to you — the IT department. And on the surface, that makes sense. Historically, it was considered ‘IT security’; companies defined specific perimeters to protect internal IT systems from external threats.

Whilst these perimeters are now expanding or even disappearing altogether, online security solutions are still technology-based tools. These tools generally assess and encrypt your sensitive information, protect your business devices and block malicious activity as early as possible. As the tech expert, you’re best positioned to choose the most robust tools, solutions and reliable partners to secure your business architecture. The rest of the business trusts you to do so.

But, as we’ve already discussed, a significant number of threats begin with a single, often non-IT staff member doing something they shouldn’t — opening a malicious attachment or clicking on a phishing email. Whilst technologies can detect if a hacker is attempting an attack and restrict compromised devices, your technology solutions can only go so far.

It is impossible, therefore, for your IT department alone to keep the entire organisation secure. It should be a collaborative effort that should go up to the very top of the business, and extend across all operational departments.

Is your board involved?

The surge in high-profile, malicious attacks in recent years, with WannaCry and NotPetya the most recent, has raised the stakes of online security. As such, cyber security has (or should have) become an integral part of organisational risk assessment and management.

Your board members have the easiest access to the most sensitive business information. For this reason, they are just as, if not more than, likely to be targeted by cyber criminals.

Despite this, there still seems to be a lack of clarity among some boards about how to oversee and provide guidance and leadership on these threats. Our latest research on cyber security shows that whilst just under two thirds of senior leaders have some understanding, only 30% have an in-depth understanding of the risks associated with evolving cyber threats.

It is, however, your role to take this knowledge to your board. They needn’t be online security experts, but they should be abreast of the common threats and potential weaknesses of your business. What’s more, your board members have the easiest access to the most sensitive business information. For this reason, they are just as, if not more than, likely to be targeted by cyber criminals.

To broaden their involvement, why not disseminate a regular update or summary of the main components of your security strategy? This could include a review of the current threats and recently prevented attacks, as well as a review of the training and education taking place across the organisation.

Cyber security is everyone’s job

Whilst online security is certainly a board-level concern, it is everyone’s role in the business to tackle it. You, as the security and technology expert, still have an integral role to play here.

Thorough education programs should be crafted into your security role to train the wider business on potential online threats. This could involve regular presentations to your staff on what to look for in a malicious email, or outlining activities to avoid on business devices. Train your staff to be vigilant, this includes showing what these threats ‘look like’ and most importantly, how to avoid them.

Subscribe to our thinking

Human error is the cyber security ‘wildcard’; it’s not something that IT departments can easily mitigate so, unfortunately, it is often overlooked. Many organisations focus on preventing cyber criminals from exploiting technology and ignore the mistakes their staff can make, with or without IT. The most secure businesses have robust technical safeguards in place, whilst constantly patching holes and plugging gaps in their front-line of defence — their workforce’s knowledge.

Up next

It’s Official – We’re WINNERS of the ‘Best Use of Technology Award’

Intercity has won the best use of technology award in collaboration with East Lancashire Hospitals Trust for the Telestroke Network.

Delivered in conjunction with Virgin Media Business and East Lancashire Hospitals, the Telestroke Network continues to hit the headlines, this time winning best use of technology award at the Building Better Healthcare Awards last week.

Intercity has worked with the Trust since 2011 to implement the first fully managed ‘out of hours’ stroke service across Lancashire and Cumbria residents. The Telestroke Network, which uses diagnostic-quality video and high-quality audio technology, allows clinicians across the UK to carry out initial remote assessments for acute stroke patients.

To date, the Telestroke service has assessed over 1,800 patients, treated 875 patients and saved an estimated £150 million annually. From 1st July 2016 to 30th June 2017 alone, 216 assessments have been carried out, 132 patients have been treated and 459 advice calls have been taken.

Ian Jackson, chief commercial officer at Intercity Technology, said:

“This is the second time the service has won this prestigious award and it is testament to the innovation we can achieve. Being associated with a service that is fundamental in improving patient care and stroke outcomes is something we can all be proud of”.

The Building Better Healthcare Awards are held each year to celebrate innovation and improvement in the built environment and medical device design and to highlight the efforts of people working in the healthcare industry.