Gone are the days of someone running into a bank and saying ‘Stick them up’ and asking for money to be put into a bag. The real crime now is online. Cyber crime has replaced traditional methods of robbery, fraud & theft. You could say it’s robbery on the virtual high street. All anyone needs to start targeting an individual or company is a mobile phone, internet connection and laptop. These devices now form part of our every day lives. Cyber Crime is the boom industry – its where the moneys at! Attacks are getting more severe as more data is being exposed. More funds are being exposed in single attacks and more services are being damaged.
Cyber crime is on the increase and reported incidents are regularly being publicized in the national press. Businesses can no longer afford to ignore this very real and significant threat to their security and finances.
The cost of a serious security breach can average between £65k and £115k for small businesses* and substantially more for larger companies. Every organisation should have some form of information security management system in place to provide protection against an attack.
The government is aiming to make the UK “the safest place in the world for young people to go online” (https://www.gov.uk/government/news/government-launches-major-new-drive-on-internet-safety).
This is the latest of a long list of government initiatives put in place recently to combat cybercrime against the general public and businesses.
A recent report from the British Chambers of Commerce found that even though one in five businesses had been attacked in the last year, only 24% had security measures in place.
Certification to the standard by experienced ISO 27001 consultants will identify areas of risk, provide controls and establish policies and procedures that will reduce risk and minimise the effects of an attack.
The cost of an attack can be devastating, with some businesses unable to recover from the damage caused, which can include:
- Loss of company and client data
- High IT costs involved to repair the damage
- Adverse publicity and damage to reputation
- Legal consequences and costs
An effective management system will limit disruption and keep your costs to a minimum. ISO 27001 information security management system provides businesses with a framework to identify, cope with and recover from a cyber-attack.
By implementing a companywide management process and recovery strategy, ISO 27001 goes further than other solutions such as Cyber Essentials to help your organisation combat cybercrime.
Cyber Essentials is a government initiative set up to help businesses protect themselves against cyber criminals. Achieving the badge will help to identify risks to your business and protect your organisation from common cyber threats.
However, Cyber Essentials is not a replacement for ISO 27001 but can be used to compliment your security management system. For example, if you are bidding for government contracts, this is a mandatory requirement for some ICT products and services.
Achieving ISO 27001 certification gives you a solid foundation and makes getting a Cyber Essentials badge more straightforward.
So what can you do?
How exactly do you confront and overcome these threats? How do you defend yourself? ISO 27001 is the global best practice specification which helps organisations and businesses implement an information security management system (ISMS), a systematic approach to managing information so that it remains secure. ISO 27001 offers a holistic security system which is strategic as well as operational, and encompasses people, processes and IT systems. Put simply: it’s your best chance of getting your house in order as far as information security is concerned. You can find more information on ISO 27001 here.
At A-EC we provide a wide range of products and services relating to ISO 27001, from books and toolkits to help you implement the standard, to staff awareness and training courses, software and consultancy to make ISO 27001 implementation as easy as can be. We work with you to address your needs, and can help you whatever your budget.
“But it’s madly expensive!”
A common objection to the idea of ISO 27001 compliance is budgetary constraint, but if you look at the bigger picture this objection can be dismissed as a false economy with little effort. First off, yes, I know it’s expensive and time-consuming to implement an ISO 27001-compliant ISMS. Something of that scale and importance is hardly going to be cheap and quick to do. But please don’t be daunted by the scale of the project. It really is worth it.
The 2013 Information Security Breaches Survey from the Department for Business, Innovation and Skills reports that the average cost to a large organisation of its worst security breach of the year is between £450,000 and £850,000. For a small business, it’s between £35,000 and £65,000. The same survey reports that 93% of large organisations had a breach last year, and 87% of small business did (up from 76% a year ago).
In other words, it’s pretty much guaranteed that you’re going to suffer a breach at some point, and when you do it’ll cost you way more than the cost of installing preventative measures now. Surely that’s worth at least thinking about.
Defending your business from attack
A holistic and systematic approach is required involving all areas of your business; employees, processes and technology.
Risk assessments will identify areas of weakness and vulnerable assets. The implementation of systems and controls can then be established to manage the risk.
The management system needs to allow for continual improvement, monitoring and record keeping to maintain its effectiveness as technology evolves and risks change.
Security policies for your employees and contractors working on and off site will need to be established to protect company systems and data from theft or harmful malware.
The requirements will be different for every company and you will need an expert with specialist knowledge and skills to advise you on what is needed to keep your business safe from attack.
for more information and certification please visit www.aeciso.com