MARKET REPORT Data Security
“A breach has probably occurred in most organisations because current security
postures are generally not sufficiently robust or evolved.”
Dave Moss, Security Practice Lead, Comstor
AN INSIDE JOB
A new report from The Bunker, the UK managed services and data centre
provider, has highlighted that senior executives are still often the weakest
link in the corporate cybersecurity chain and that cybercriminals target this
vulnerability to commit serious data breaches.
According to the report, many senior executives ignore the
threat from hackers and cybercriminals and often feel that security
policies in their respective organisations do not apply to their
unique position. However, in reality, their often privileged access
to company information makes their personal accounts extremely
valuable to exploit and heightens the need for extra care. In addition
to highlighting the common mistakes made by senior executives, the
white paper lists the top security areas that should be prioritised to
ensure cybersecurity resilience.
Ryan Weeks, Chief
Information Security Officer at
Datto, says that, unfortunately, it
is very easy to perform certain
types of cyber-attacks that lead
to ransomware infections.
“The main risks of security
breaches are loss of data –
potentially client data or personal
data, loss of productivity, loss
of revenue, loss of reputation
and now, following the
implementation of GDPR,
hefty fines. This means that
every business, no matter its
size, needs to have a strategy in
place to prepare for, deal with,
and eliminate material risks that
could lead to security
breaches. Our recent global
ransomware report showcased
this, with all operating systems
shown as at risk, including iOS
on your iPhone! The same report
also found that in comparison
to other solutions, the most
effective for avoiding downtime
caused by ransomware is business
continuity and disaster recovery.
Roughly 90 percent of the MSPs
that we spoke with reported
victimised clients with BCDR
fully recovered from a security
breach in 24 hours or less.”
Dave Moss, Security Practice
Lead, Comstor, says it’s more
likely a case of ‘how often’, ‘how
do I find out’ and ‘how can I
remediate’?
“A breach has probably
occurred in most organisations
because current security postures
are generally not sufficiently
robust or evolved. For instance,
when we’re running a NGFW
proof-of-concept or pen test, it’s
very common for red lights to go
off before the engineer has left the
building. A breach is not always
immediately apparent or sinister
– if you’re a potential launchpad
for a denial of service attack, how
would you know who and what
was lurking on the network? As
it’s commonly months before
anything gets noticed, if at
all, threat intelligence services
like Talos, which monitors
more traffic than Google and
Microsoft, that alert in less than a
day are of immense value.”
Colin Tankard, Managing
Director at Digital Pathways, says
every organisation should expect
to be breached; the only question
will be the severity of the breach
and how long it will take to
recover.
“For example, to clean all
infected servers and PCs of
malware and restore business
operations to normal with,
hopefully, no loss of data.”
Vincent Disneur, Head of
Sales and Marketing for Union
Street Technologies, says that
as with everything, there’s an
element of Murphy’s law involved
in all things related to data
security, but he does not believe
security breaches should be seen
as inevitable.
“By implementing robust
security frameworks that are
based on assured repeatable
process, there is much a company
can do to mitigate its risk.
Following independent audits
of our information security
management systems (ISMS),
Union Street has been certified by
the British Standards Institution
(BSI) for the internationally
recognised ISO/IEC 27001
standard in Information
Security Management since
2016. Qualifying required us
to make some big investments
into our security and hardware
infrastructure.
Based on this experience, I can
say that maintaining information
security is certainly challenging,
but by no means impossible.”
What have we learned since
GDPR regulations came in
nearly a year ago?
According to Ian Kilpatrick
at Nuvias, it might look like
nothing much has happened
regarding GDPR, but it has. It’s
just taking a while for fines to
come through.
“Those who are in breach are
still being selected and processed.
For example, the recent Google
fine related to the situation on
26th May last year, just after
GDPR was introduced. It’s taken
this long for the fine to come
through. It was a fine regarding a
structural breach as opposed to a
fundamental security breach, so
we haven’t yet seen a penalty for a
full security breach.
A recognition of what people
need to do re GDPR hasn’t struck
home yet. Many people thought
they were on the right path to
GDPR compliance, as it has been
relatively quiet. But when the big
penalties come through, they are
going to want to re-evaluate their
position.”
Richard Stevenson, CEO
of Red Box, says his company is
seeing many businesses looking to
turn compliance and regulation
investment into opportunity.
“GDPR prompted businesses
to take a step back and have
a proper look at what systems
and data management processes
they had in place. In some
cases, it meant bringing things
46 | Comms Business Magazine | March 2019 www.commsbusiness.co.uk