- Herencia, propósito y creatividad confluyen sobre un manto tecnológico en los irrepetibles UMusic Hotels
- OpenAI, SoftBank, Oracle lead $500B Project Stargate to ramp up AI infra in the US
- 오픈AI, 700조원 규모 'AI 데이터센터' 프로젝트 착수··· 소프트뱅크·오라클 참여
- From Election Day to Inauguration: How Cybersecurity Safeguards Democracy | McAfee Blog
- The end of digital transformation, the rise of AI transformation
Businesses Found to Neglect Cybersecurity Until it is Too Late
Businesses only take cybersecurity seriously after falling victim to an attack, according to a report published by the UK’s Department for Culture, Media and Sport (DCMS) this week.
For the research, the UK government surveyed IT professionals and end users in 10 UK organizations of varying sizes that have experienced cybersecurity breaches in the past three years. This analyzed their existing level of security prior to a breach, the business impacts of the attack and how cybersecurity arrangements changed in the wake of the incident.
Nearly all respondents said their organization took cybersecurity much more seriously after experiencing a breach, including reviewing existing practices and significantly increased investment in technology solutions. In one case, the organization changed its IT provider, implemented multi-factor authentication (MFA) for all logins and is working towards Cyber Essentials Plus after an incident. In another, following a DDoS attack that caused a significant loss of revenue, the organization brought in changes so all their third-party infrastructure is always under DDoS protection. In addition, it now conducts regular security testing, including constant threat hunting exercises.
While there was a consensus among participants that there is a greater need for vigilance and investment in cybersecurity, there was significant variation between organizations’ practices in this area. Medium and large organizations tended to have formal plans in place and budget allocated for further cybersecurity investment, but smaller businesses mostly did not due to resource constraints.
Encouragingly, most participants reported feeling their organization was better protected than before the attack due to the changes. In many cases, leadership became more engaged in cybersecurity post-breach, with some treating it as ‘a board level business problem.’
Commenting on the findings, Tim Sadler, CEO at Tessian, said: “This new report from DCMS reveals that businesses do take steps to strengthen their defenses after attacks occur, investing in new security solutions, and implementing new policies and training programs for staff.
“However, this is often too little, too late and business leaders need to listen to their security teams to understand the ways they can proactively protect their organization before a costly breach occurs.”
Dan Middleton, VP UK&I at Veeam, stated: “It’s simply not acceptable that the penny keeps dropping only after data has been accessed by cyber-criminals. At the most senior level, there is a clear need for every enterprise to have a CISO, and for their advice to be heeded by those at the top.”
