Despite large-scale breaches having recently emphasised the likelihood of a cyber attack, too many CIOs still focus solely on securing data and allow response plans to slip.
That’s according to Richard Pharro, CEO at APMG International, a cyber training company. He argued that CIOs must plan for vulnerabilities across their organisation and prepare for the worst as a very real danger. He said: “The series of breaches that have come to define this year prove that, for the large organisation, a breach should be viewed as inevitable. IT departments now have to deal with the mounting complexity of cyber attacks, and technical controls can never ensure absolute protection.”
Pharro went on to say that mapping responses for the instance of a large-scale breach is as important as securing private data. Recent research from Howarth and collated by APMG International, suggested that 95 per cent of all security incidents involve human error, the most pressing cases being poorly prepared processes and inadequately trained members of staff.
He said: “Employees can be an organisation’s greatest asset or its biggest weakness when securing sensitive information from cyber attacks, so the entire company – from the boardroom to operations – must be better equipped to understand the risks and benefits of cyber resilience. Realistically, compliance is only the first step towards security; your organisation’s existing processes must also be regularly monitored. Flows of data change, and so do cyber criminals’ attack vectors, so to remain static is to remain vulnerable.”
