It’s noteworthy that across multiple, independent surveys, the finding is unanimous – SMEs are displaying a worryingly lax attitude towards security, which is coming at great cost to the business. Despite security breaches making headlines on almost a daily basis, business leaders aren’t committing to security investment in any meaningful way. It’s time organisations heeded the warning of the recent WannaCry and NotPetya ransomware attacks.
Furthermore, the upcoming GDPR in May 2018 is a regulation with ‘teeth’ – with a maximum fine set at four per cent of an organisation’s worldwide turnover, no business of any size can afford to ignore. The GDPR places the burden of data security and subsequent remedial action, squarely on the shoulders of the breached organisation. Also, a key component of GDPR compliance is having the ability to properly perform incident response and reporting in a timely manner.
In the event of an attack, it’s imperative that the breached organisation is foremost, able to contain and block the incident in progress, implement remediation and undertake a root-cause analysis to pre-empt a similar occurrence. Thereafter, it must execute on well-defined reporting procedures so that the implications to the business, IT security and its customers can be assessed and the authorities and relevant stakeholders appropriately informed.
We at Reliance acsn have substantial experience in helping organisations undertake incident forensics and establish incident response programmes, often working as an extension of customers’ in-house IT teams. If this is an area you are evaluating for your business, please get in touch with us on +44 (0)845 519 2946.
Have a look at the top cyber news items reflecting the mood of the market in our weekly newsletter.