With recent news that essential services firms will face hefty fines for failing to effectively safeguard themselves from cyber-attacks, Dr Guy Bunker, SVP of Products at data security company Clearswift, commented below on why this is a huge step forward for cyber security legislation and what this will mean for UK businesses.
Guy is an internationally renowned IT expert with over 20 years’ experience in information security and IT management. He was previously the Global Security Architect for HP. Prior to that he was Chief Scientist for Symantec and CTO of the Application and Service Management Division at Veritas (acquired by Symantec).
Dr Guy Bunker, SVP of Products at Clearswift:
“These fines should not be seen as the silver bullet solution but rather act as a way of grabbing the attention of companies to prioritise the wider goal of improving cyber security. With the fines affecting the bottom line of firms this is an easy way of copper fastening existing means of self-regulation that haven’t worked.
“The safety of Critical National Infrastructure is of course a cause for concern; however, there is a need for all businesses to be aware that they could be attacked – either as a targeted attack, or ‘caught in the crossfire’. Many major attacks, such as WannaCry, have not been targeted, but had a big impact on businesses of all sizes and across all verticals.
“Hot on the heels of this legislation will be GDPR and while GDPR is about protecting EU citizens’ information, this is about protecting the infrastructure of the country – on which both citizens and business rely. Many of the organisations that this legislation applies to will also be subject to GDPR but with the nature of the companies involved here, an added incentive for companies to shore up their defences may prove useful.
“Organisations need a defence in depth approach to security and when it comes to information, Adaptive DLP is both the first and last lines of defence.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.