Four in 10 UK CEOs believe becoming a victim of a cyber attack is now a case of ‘when’ and not ‘if’ for their organisation, according to a survey of CEOs from some of Britain’s biggest businesses.
KPMG surveyed 150 UK leaders and a further 1,150 CEOs from across the world about their future investment plans and the challenges and opportunities facing their companies.
Commenting on the news are the following security professionals.
Javvad Malik, Security Advocate at AlienVault:
“Being attacked, or targeted in a cyber-attack is unfortunately one of the costs of doing online business in todays connected world. As pessimistic as this view may sound, it should not dissuade businesses. The challenge for businesses isn’t to completely avoid being attacked or breached altogether, as that is near impossible. Rather, focus should be put into understanding how a company would detect an attack, and take steps to stop, or recover from it in a timely manner while reducing the overall impact to the organisation.
Customers are no longer surprised when a breach occurs, however, they do judge a company by its ability to communicate clearly and effectively immediately after a breach and have steps in place to recover quickly that demonstrates resilience.”
Dean Ferrando, Systems Engineer Manager – EMEA at Tripwire:
“How can a business prepare for a cyber attack if they don’t understand, or can’t visualise an attack. The issue most boardroom executives have is that they operate with a reactive mindset. If they continue to operate in this manner, it will only be a matter of time before they suffer a successful attack. This is why adopting a proactive stance severely reduces the chance of an attack happening.
Defence is where the bulk of emphasis should be even though it’s tempting to focus on offensive cyber-capabilities. With cyber defence, getting the basics right counts for a lot and the majority of successful attacks can be prevented with foundational security controls, like ensuring systems are securely configured and managing and patching vulnerabilities. Organisations should also have visibility into the devices and software they have on their networks as this will give a clear indication of what assets need to be protected effectively.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.