The government is today warning British business leaders of the vital importance of increasing their vigilance and defences regarding cyber threats. At a conference at the Foreign Office, ministers and officials from the communications intelligence agency, GCHQ, are telling companies to create a more security-conscious culture.
At today’s event, the head of GCHQ is asking board members and chief executives how confident they are that their company’s most important information is safe from cyber threats, and whether they are aware of the impact on a company’s reputation, share price or even existence if sensitive information is stolen.
We thought you might be interested in the thoughts of acknowledged international information security guru Alan Calder. As well as being chief executive of IT Governance, the single-source provider for cyber security books, tools, training and consultancy, Alan is a leading information security author. His book, ‘IT Governance: An International Guide to Data Security and ISO27001/ISO27002’ (co-written with Steve Watkins), is the basis for the UK Open University’s postgraduate course on information security.
Calder says: “Today’s call by the government shows that at least our politicians understand cyber threats are real. However, many CEOs and even more managers remain asleep at the wheel on this topic, which is alarming for employees, shareholders and everyone with a stake in UK PLC.
“Protecting information assets is key to the long-term competitiveness of UK organisations, but great progress needs to be made. For example, compliance with the ISO27001 information security standard should be the cornerstone of any organisation’s cyber security response. If you’re responsible for a business but aren’t aware of this standard, you need to find out about it – fast.
“To be blunt, staff will be the weakest link. As technical defences improve, so attackers will increasingly exploit human error, ignorance and vulnerabilities, so staff education and training in all aspects of cyber security is vital. The government is therefore right to speak of a need for cultural change within organisations.
“There are simply no excuses. Any private or public sector organisation claiming not to be able to afford the time or money needed for staff awareness education should simply consider the cost of failure, both in terms of fines and reputational damage. And when fast, convenient, inexpensive routes to training exist, like e-learning courses, any further excuses for ignorance simply cannot be tolerated.”
We hope the comments above will be of value to you in your reporting and, of course, if you would like to interview Alan for further expert analysis, please do not hesitate to let us know.