BSI research reveals over a third of organisations are unprepared for a cyber incident

Research by the cybersecurity and information resilience team at BSI shows that over a third of organisations are unprepared for a cyber incident, with one in six highlighting that they have experienced a COVID-19 related data breach and cyber-attack in the past six months

The BSI research was conducted as part of a readiness to reopen and new hybrid office dynamic campaign to understand the levels of cybersecurity preparedness in the current environment. Respondent sectors covered banking and finance, food and retail, ICT and telecoms, manufacturing, and engineering as well as pharma/healthcare and medical devices, transport and logistics and professional services.

Across the globe, organisations are adapting their working structures, staggering teams in the office, or working from home to adhere to government health guidance regarding physical distancing and employee wellbeing. This hybrid working model, a mix of office and home, presents a range of challenges, most notably around cybersecurity where the threat landscape continues to increase.

Stephen O’Boyle, Global Practice Director for Cyber, Risk and Advisory at BSI, explains: “Today, it’s not a question of whether a breach will take place, it’s a question of how the business can manage it when it happens. Incident response is a critical component of defence should an attack take place, so making sure you are prepared is essential for the continuity and sustainability of the business.”

Readiness to reopen

Considering the changes to the way many organisations do business now, and when asked how cybersecurity ready organisations are to reopen the office, the following responses were highlighted:

• Physical security – 66 per cent prepared
• Business continuity – 74 per cent prepared
• Operations security – 73 per cent prepared
• Network security – 75 per cent prepared
• Security governance – 75 per cent prepared

“Organisations should re-evaluate system changes to security operation functions that they may have made suddenly to get the business operating remotely when work from home was first required, and now determine whether those changes are still appropriate,” says Stephen.

“This includes network security as well as identity and access management (IAM) configurations. Similarly, security governance covering risk registers and corporate policies will need to be updated to align to the new operating environment, in the office and at home or an alternative remote location.”

“Business continuity and sustainability are areas where we are seeing growth in our consulting practice. COVID-19 has highlighted just how vital it is to have a robust plan in place that anticipates low likelihood or high impact eventualities and how best to deal with them.  While 74 per cent of our survey respondents are prepared to react to a disaster event, that left 26 per cent who are not, and we would advise those companies to address this quickly,” says Stephen.

Managing business continuity helps to ensure operational, information and supply chain resilience. By mitigating continuity risks, organisations gain resilience over their ability to deal with disruption consistently.  Simple steps like defining roles and responsibilities for co-ordination, makes a response effort more efficient. Returning to operational capacity quickly also builds client confidence and often reduces the financial impact of disruptions should they occur.

Hybrid office and Shadow IT concerns

While the hybrid model is seen as a flexible solution to allow employees efficiently perform their daily duties while keeping them safe, it also generates potential cybersecurity risks if left unmanaged. Risks in this scenario are primarily based around loss of visibility of employee activity and data, employee susceptibility to phishing attacks, and employees using shadow IT.

BSI’s research found that almost half of all organisations are unprepared for the implications of ‘shadow IT’ on their business in a hybrid office scenario. This is when an employee uses an unsanctioned cloud service, device, or software, for their work, which can often lead to an increased risk of a data breach. In a rush to enable the business to work remotely, IT teams may have put solutions in place that did not go through normal security governance lifecycle processes.

Stephen explains: “We are witnessing cybersecurity risks and threats mounting daily and working from home may be causing additional employee fatigue, leaving the potential for poor judgment when it comes to identifying risks and deciding whether to click on a potentially malicious link or attachment. The lack of governance and the haste to empower remote users creates opportunities for hackers as traditional security mechanisms can often be absent.”

“There is potential for data leakage through cloud services as well as the use of BYOD (bring your own device). The assurance over the security of the BYOD can be lost, and potential questions arise over ownership and access to data. Approved corporate devices are advisable that traditionally provide encryption, patching, web filtering and anti-malware.  For these reasons it is important that IT managers educate about data management and clarify shadow IT and BYOD policies.”

“We encourage employers to carry out regular awareness training and education around cybersecurity risks.  All levels of an organisation need to be aware of cybersecurity risks, especially senior management.  The current environment we are living in has exacerbated the threats, meaning cybersecurity needs to be at the core of business decisions now more than ever,” concludes Stephen.

The Consulting Services team at BSI provides an expansive range of solutions to help organisations address challenges in cybersecurity, information management and privacy, security awareness and compliance. For more information visit bsigroup.com/cyber-ie

More about Irish Tech News and Business Showcase here.

FYI the ROI for you is => Irish Tech News now gets over 1.5 million monthly views, and up to 900k monthly unique visitors, from over 160 countries. We have over 860,000 relevant followers on Twitter on our various accounts & were recently described as Ireland’s leading online tech news site and Ireland’s answer to TechCrunch, so we can offer you a good audience!

Since introducing desktop notifications a short time ago, which notify readers directly in their browser of new articles being published, over 50,000 people have now signed up to receive them ensuring they are instantly kept up to date on all our latest content. Desktop notifications offer a unique method of serving content directly to verified readers and bypass the issue of content getting lost in people’s crowded news feeds.

Drop us a line if you want to be featured, guest post, suggest a possible interview or just let us know what you would like to see more of in our future articles. We’re always open to new and interesting suggestions for informative and different articles.

If you would like to be featured in our podcast series drop us a line & don’t forget to sign up for notifications for our latest episodes and follow us on Twitter, Linkedin, SoundCloud, iTunes or your own favourite podcast platform.

Contact us, by email, twitter or whatever social media works for you and hopefully, we can share your story too and reach our global audience. We are agile, responsive, quick and talented, we look forward to working with you!

If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at Simon@IrishTechNews.ie or on Twitter: @SimonCocking