In light of the recent news that councils aren’t prepared for cybersecurity attacks, David Carroll, CEO of XQ Cyber, comments below on the need for the absolute basics of cybersecurity to be administered, to set an example for the rest of the country.
David Carroll, CEO at XQ Cyber:
“To those working in the cyber security industry, today’s report that UK local councils are unprepared to deal with cyberattacks is no surprise. GCHQ studies have shown that 80-90% of economic loss due to cybercrime is down to neglect for basic best practice, which includes the training of employees on awareness of threats so they can avoid putting both themselves and their organisations at risk.
“Whilst these council data breaches aren’t necessarily about significant financial gain for cybercriminals (often it’s just stunt hacking for the sake of it), it highlights the important question of how secure all levels of government are, from central departments to local council – the entire ecosystem.
“We urgently need a security mindset shift. Organisations need to stop assuming if and start to acknowledge when a cyber incident will happen to them. Robust training can address the most common weak point for many organisations – employees’ knowledge of cyber. But it’s not all about employees.
“Trust also needs to be established between organisations and their supply chain. High profile attacks rarely come direct to the target. More often than not they enter an organisation via an innocuous supplier. A collaborative effort is required between all companies with mutual business relationships to combat nefarious actors with their eyes on the prize and the wider supply chain.
“It’s evident that in the age of NotPetya, WannaCry, and even Stuxnet, those with the power to make change are neglecting to do so – even at a basic level. As the guardians of our services, defences and the prosperity of our nation, governments need to be taking basic security far more seriously. It’s not hard, or necessarily expensive, it just needs doing.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.