Though most organisations have cyber-security systems in place, how effective those systems are at preventing incidents is highly questionable.
Media coverage suggests that companies are becoming increasingly less prepared for a cyber-attack, and that for the most part their cyber-security is reactive rather than proactive. This view is not unfounded: the Global CISO study shows that 78% of Chief Information Security Officers (CISOs) are worried about their ability to detect breaches in the first place.
IT security spectator, Sue Marquette Poremba, believes that:
“…too many organisations are unprepared for when that incident does happen and spend a lot of time reacting to the aftermath.”
I agree with Sue on this point, but I believe the general unpreparedness of companies and organisations extends to the period after a cyber-attack too. This is supported by the Global CISO study, in which 300 CISOs were surveyed and only 19% of chief executives said their company is highly effective at preventing security breaches. Even more striking, 81% of CISOs are highly concerned that breaches are going unaddressed. In other words, more than 8 out of 10 companies may be aware that breaches are happening but have no effective plan in place to respond to them. This is backed up by the fact that 78% of CISOs said they were concerned that they lack the capability even to detect a breach. If detection is the problem, it is not surprising that breaches are not being acknowledged.
The following figure may surprise some, but it no longer surprises me: 1 in 10 CISOs admitted that their company experienced a ‘significant breach’ within the past 3 years that resulted in financial and/or reputational loss.
NHS hacks and breaches
A good example of this is the recent NHS hacking scandal. NHS systems are renowned for being outdated, with many still running Windows XP. According to a report from Big Brother Watch, NHS Trusts are reported to breach patient confidentiality SIX times a day. That adds up to 7,255 breaches between 2011 and 2014.
In March, there was another legitimate scare when 26 million medical records were found to be insecure. The cause was an “enhanced data sharing” IT system used by GPs, called SystmOne, which gives local hospitals access to these records; something that can be essential in emergency care. But it also meant the records could be accessed by thousands of employees across the country, when there should have been a system in place that allowed only authorised personnel to access the files.
Growing concerns for the NHS in the digital age
Concerns are growing as the NHS digitises its records. This arguably places millions of patients and their records at risk by putting them online, where cyber-criminals can try any strategic method to steal the data.
The recent hack of the NHS shows it was unprepared, with 47 NHS Trusts affected by the WannaCry ransomware attack. The response plan amounted to shutting down the majority of systems so the attack couldn’t spread; the NHS did not appear to have a plan to stop the hack from crippling the system. If it weren’t for the anonymous cyber-security expert, MalwareTech, who killed the malware, I can’t imagine what kind of damage the ransomware attack could have caused.
Take home message
This should drive home an important message to CISOs and their companies: prepare effectively so you can respond effectively. Ensure you have the right security measures in place, and a crisis plan to guide employees when you suffer a cyber-attack.