The program, dubbed Cyber Security for Business, is the first time that the government and intelligence services have co-operated directly with the private sector, and GCHQ will focus on showing businesses how best to bolster their cyber defenses and reduce risks through prevention methods.
GCHQ head Iain Lobban will tell business leaders that current confidence in existing security defenses is often misplaced, with potentially major implications for the economy and customers’ trust in online services. He will also ask board members and chief executives how confident they are that their most important corporate information is safe from cyber threats and whether they are aware of the impact on a company's reputation, share price or even existence if sensitive information is stolen.
Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:
GCHQ is right to suggest that businesses are lulled into a false sense of security by existing defenses. In spite of recent high profile hacks and increased ICO heavy-handedness, many businesses – particularly those in the private sector – seem to be suffering from data security indifference, either failing to take the severity of the threat on board, or assuming that they are adequately protected by their age old security mechanisms. However, when the unthinkable does happen – and they fall victim to a breach – they soon realize how woefully unprepared they were.
This unpreparedness was highlighted in our own research earlier this year, with 87 percent of IT decision makers within UK businesses admitting that they would be unable to identify individuals affected by a breach within the EC’s proposed 24 hour notification timeframe. A further 13 percent claimed it would take them between one week and a month to pinpoint which customer data was affected. Even more worrying is the fact that six percent did not believe they would ever be able to accurately obtain this information.
The only way to ensure that cyber threats or network issues can be immediately identified is to have a 360 degree visibility into every piece of data being generated by IT systems – no matter how big or how complex they are. With data volumes increasing at unprecedented rates, the potential for intellectual property or other critical information to get lost in the chaos grows exponentially.
Generally speaking, the bigger the IT estate, the greater the need for a continuous and granular view of all activity – and this is what too many businesses fail to understand. Such visibility helps to identify and remediate any issues as soon as they occur – making it essential to have automated, centralized systems in place that can collect and analyze and most importantly, add context to all IT data as and when it is generated.
In the same survey, 27 percent of respondents did not know whether their company had ever experienced a security breach, and 47 percent admitted that data is only analyzed after a security event had occurred. Hopefully today’s advice from GCHQ will go some way to change this apathetic, reactive mentality and help more businesses better protect the data that they are entrusted with.