As cyber security professionals, we don’t want to inhibit innovation, but occasionally the blue-sky thinkers need to be reminded about the risk inherent in anything new. Digital technologies are presenting companies with new ways to interact with their customers, and the opportunity to create products/services that would not have been possible even a few years ago. However, for all the good that digital promises, there are individuals hiding in the corners of the dark web waiting to take advantage of any slight oversight or technical nuance. Cybercrime is big business, estimated by Cybercrime Magazine to be worth $6trn for 2021.
The intention of such statements is not to scaremonger. It should be taken as a reality check, an element of the due diligence process needed to ensure organisations are not taking unnecessary risks to place themselves or their customers in difficult positions. At Vodafone Business Security Enhanced, our objective is to work with the public sector and critical national infrastructure – organisations who deal with hyper-sensitive data, both commercial and personal – to ensure they can thrive in the digital economy.
We work in partnership with our customers to constantly evolve security protocols, technologies and processes, to keep data in the hands of those who need it, and away from the hands of those who don’t. An evolving cyber security strategy should be viewed as a protection mechanism, but also an empowerment tool to facilitate growth.
You have to consider what a cyber security strategy does. Firstly, it protects your assets, employees and customers. A successful cyber attack can have numerous consequences, any one of which may be disastrous – because a large enough incident can stop your organisation functioning. For some, it impacts on making money (the UK government estimates each cyber security incident costs £8,460 on average); for others, it affects providing services critical to our daily lives.
Most public sector and critical national infrastructure organisations are responsible for ensuring our lives function the way we expect – read power, water, security, entertainment, transport, emergency services, healthcare and education. Those companies that are not accountable to shareholders must answer to taxpayers, so it is critical they function as seamlessly and efficiently as possible. Either way, there are serious financial and reputational consequences for failing to prepare.
Secondly, a cyber security strategy protects your brand. The impact on a company’s brand following a cyber security attack is very difficult to quantify, but you can almost guarantee it will be negative. Today, many of the world’s most successful companies are powered by the success of their services or products, as well as the influence of their brands. Companies such as Apple, Google, Microsoft and Amazon have reputations the majority of the world know and respect, and this fuels growth.
By investing in technologies and personnel to reduce the risk of negative sentiment, you are fuelling a potential growth engine for your business. And for those organisations that do not sell their services, such as emergency services, the brand could be replaced by the concept of trust. If the ambulance service is hacked and disrupted, the consequences are frightening.
This is where cyber security investments should be viewed as more than a cost to an organisation. You are demonstrating a proactive and forward-looking position by understanding the risk of digital, perhaps making your products/services more appealing to customers, but you are also protecting your brand from negative sentiment. Commercially, fines could be into the tens (if not hundreds) of millions, while public sector organisations are not fulfilling their promise to the people who depend on them.
Understanding weaknesses is the first step in any effective strategy. This can only be done by identifying the risks and where your organisation might be exposed. We feel this area is underappreciated. According to the Department for Digital, Culture, Media and Sport, only 31 per cent of businesses have a business continuity plan that covers cyber security.
With 20 per cent of the world’s internet traffic crossing our networks, Vodafone is in a position to provide insight into developing trends around the globe. Whether it’s a new type of threat emerging thanks to internet of things (IoT) devices becoming more common, or a new hacker group gathering momentum in Australia, high-level insight of this nature can be built into an evolving cyber security strategy to ensure protections are as resilient as possible.
Over the past two or three years, it has been plain for everyone to see that cyber attacks and breaches are becoming much more common and significantly more complex and impactful. Research firm Forrester suggest 38 per cent of UK and US companies have lost business because of a cyber incident.
Recognising the risks in digital is a mature way to capture the greatest rewards. That begins with a comprehensive cyber security strategy built into the foundations of the business. By identifying the risk and building it into the overarching model, revenues are protected, customers are protected, and the brand is protected, with the net result empowering the potential of the organisation.
Steve Knibbs is head of Vodafone Business Security Enhanced at Vodafone Business UK.