As you may or may not know, the month of October brings with it not just an autumnal change in leaf colour, but the start of European Cyber Security Month (ECSM). The ECSM is an EU advocacy campaign that promotes cyber security and advocates for change in the perception of cyber-threats by promoting data and information security, education and the sharing of good practices.
With last month’s reports that Yahoo! had suffered what could be the largest cyber breach in history, affecting 500 million users worldwide including 8 million in the UK, an awareness campaign of this kind couldn’t come at a better time.
Today, we live in a digital age; with two thirds of UK adults now owning a smartphone and the average time that internet users spend online doubling in the last decade. It’s no surprise then that digital technology is also now becoming an intrinsic element of the modern life and business. While a lot of this month’s efforts will be put into raising personal awareness and keeping people safe online, it is important to recognise that, as the data threat landscape expands at an exponential rate, and cloud, big data, and IoT adoption accelerates, new sets of unique risks are constantly being introduced to organisations.
Every organisation has a level of corporate and social responsibility to all of its stakeholders. When a company is entrusted with sensitive data, it is its responsibility to demonstrate a commitment to implementing best practices. With cyber security being brought to the forefront of peoples’ minds through campaigns like ECSM and the high-profile breaches making the headlines, customers will vote with their feet and abandon those companies that fail to properly safeguard their personal data. In fact, according to a recent survey we carried out, only 16% of respondents would continue to use the product or service of an organisation as normal if they found out that it had had multiple data breaches. This statistic is illustrated by the fact that it has been announced that the cost to TalkTalk in lost business, as a result last year’s very high profile cyber attack, was £60m – which is almost certainly business that went elsewhere, as in this digital age, is it highly unlikely that those people had given up their mobile phones!
Given the above, it’s time that UK firms recognise the importance of cyber security and ensure that any data-at-rest, which accounts for the vast majority of data being stored by organisations, and is also the most vulnerable, is fully encrypted, no matter where it resides. This ensures that, if a breach does occur, the data is rendered unintelligible, avoiding the kind of fallout Yahoo! is experiencing. ECSM need not just be for end users, it should also apply to any kind of organisation, and not just for the month of October.