Subscribe

Businesses Vulnerable To Cyber-Attack

/ 28th September 2020 /
Darren O'Loughlin

One in three organisations are unprepared for a cyber-attack yet one in six have experienced a Covid-19-related data breach in the past six months.

The findings are included in a report published by business certification and consultancy BSI, which investigated company readiness to reopen and the new hybrid working dynamic of office and home.

Respondents to the BSI survey included businesses from a variety of sectors, including finance, food and retail, manufacturing and professional services.

When asked how cybersecurity-ready organisations are in the context of reopening offices, two-thirds had factored in physical security, while three-quarters had readied themselves in terms of network security, security governance and operations security.

Download Digital Business Ireland cyber security manual 

In Association with

BSI’s research also found that almost half of all organisations are unprepared for the implications of ‘shadow IT’ on their business in a hybrid office scenario. This is when an employee uses an unsanctioned cloud service, device, or software, for their work, which can often lead to an increased risk of a data breach.

“Today, it’s not a question of whether a breach will take place, it’s a question of how the business can manage it when it happens,” said Stephen O’Boyle, global practice directory for cyber, risk and advisory at BSI.

“Organisations should re-evaluate system changes to security operation functions that they may have made suddenly to get the business operating remotely when work from home was first required, and now determine whether those changes are still appropriate.

“We are witnessing cybersecurity risks and threats mounting daily and working from home may be causing additional employee fatigue, leaving potential for poor judgment when it comes to identifying risks and deciding whether to click on a potentially malicious link or attachment.

O’Boyle added that there is potential for data leakage through cloud services as well as the use of bring-your-own-device (BYOD) work setups. “The assurance over the security of the BYOD can be lost, and potential questions arise over ownership and access to data.

“Approved corporate devices are advisable that traditionally provide encryption, patching, web filtering and anti-malware. For these reasons, it is important that IT managers educate about data management and clarify shadow IT and BYOD policies.

“We encourage employers to carry out regular awareness training and education around cybersecurity risks. All levels of an organisation need to be aware of cybersecurity risks, especially senior management. The current environment we are living in has exacerbated the threats, meaning cybersecurity needs to be at the core of business decisions now more than ever.”

Sign up to The Business Plus Panel to help shape the business decisions of tomorrow and win vouchers for your opinions! 
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram