Comment from David Emm, Principal Security Researcher at Kaspersky Lab on 90% of major British firms have suffered a cyberattack
New research has revealed that 90 per cent of major British organisations, and 74 per cent of small- and medium-sized organisations, have suffered an information security breach. This demonstrates the urgent need for companies of all sizes to implement a strong cyber-security programme. Step one: know the risks. If your organisation has never faced a cyberattack, it’s easy to assume that ‘it won’t happen to me’, or even to think that what we hear about malware is just hyperbole disseminated by the media. However, all organisations hold data that could be of value to cybercriminals, and so any organisation could be a target; even if they are just used as a bridge for cybercriminals to access other companies. This is why it’s imperative that businesses of all categories and sizes recognise that the threat is out there and advance a strategy for combatting cyberattacks.
This strategy, and the policies that come with it, must address a number of elements; it must contain an accurate assessment of the dangers, the methods cybercriminals could utilise to infiltrate corporate systems, the tools required to mitigate the risks and actions necessary for handling the human element of security in the company.
It is imperative to educate all staff on security policies – most of the time attacks start by deceiving people into doing something that endangers corporate security. It’s crucial to clarify security problems and explain them in an easy to understand manner. This means varied forms of communication (written and verbal), as well as including the usual list of dos and don’ts as a guide for staff to follow. Companies often put policies in place and have staff sign a one-off agreement of understanding, but then fail to ensure this is monitored with systematic awareness and education sessions that make imaginative use of various tools to ensure security is always front of mind.
By David Emm, Principal Security Researcher at, Kaspersky Lab
Bio: David has been with Kaspersky Lab since 2004. In his role as Senior Technology Consultant David presented information on malware and other IT threats at exhibitions and events, and provided comment to both broadcast and print media. He also provided information on Kaspersky Lab products and technologies. He was promoted to his current position in 2008. David has a particular interest in the malware ecosystem, ID theft, and Kaspersky Lab technologies, and he conceived and developed the company’s Malware Defence Workshop.
David has worked in the anti-virus industry since 1990 in a variety of roles. Prior to joining Kaspersky Lab David worked as Systems Engineer, Product Manager and Product Marketing Manager at McAfee; and before that as Technical Support Manager and Senior Technology Consultant at Dr Solomon’s Software