Despite large-scale breaches having recently emphasised the likelihood of a cyber attack, too many CIOs still focus solely on securing data and allow response plans to slip. That’s according to Richard Pharro, CEO at APMG International, who commented that CIOs must plan for vulnerabilities across their organisation and prepare for the worst as a very real danger:
“The series of breaches that have come to define this year prove that, for the large organisation, a breach should be viewed as inevitable. IT departments now have to deal with the mounting complexity of cyber attacks, and technical controls can never ensure absolute protection.”
Pharro went on to say that, in today’s organisation, mapping responses to a large-scale breach is as important as securing private data. Recent research* from Howarth, collated by APMG International, found that 95 per cent of all security incidents involve human error, the most pressing cases being poorly prepared processes and inadequately trained members of staff:
“Employees can be an organisation’s greatest asset or its biggest weakness when securing sensitive information from cyber attacks, so the entire company - from the boardroom to operations - must be better equipped to understand the risks and benefits of cyber resilience. Realistically, compliance is only the first step towards security; your organisation’s existing processes must also be regularly monitored. Flows of data change, and so do cyber criminals’ attack vectors, so to remain static is to remain vulnerable.”
Pharro advises that organisations wanting to shift their view from cyber security to resilience should consider RESILIA training, created by AXELOS.
He said: “RESILIA introduces a framework of best practice that builds on skills across the organisation. With the right skills in place, an appropriate response to threats can be effectively communicated across the whole organisation in a common language. RESILIA’s methods ensure staff are trained in accordance with security best practice, effectively reducing the likelihood of a breach and helping plan a fast recovery in the instance of a cyber attack.”