Companies have been urged to review their security policies against the government’s Cyber Essentials Scheme (CES), in preparation for the increased threat of targeted cyber-attacks in 2015.
CryptoLocker ransomware and Keyloggers were just two cyber threats seen in 2014, forcing UK organisations to take cyber crime seriously.
However, recent Databarracks research points to that fact that organisations are not taking cyber threats as seriously as they should be. Out of a sample of 400 IT decision makers, only 29% had reviewed their security polices in response to cyber threats over the past 12 months.
The research findings support the predictions making the rounds in the industy – cyber-attacks are set to go mainstream in 2015. This will be due to the increasingly sophisticated methods of cyber-criminals, as well as the availability of tools and equipment.
In order to address this, Peter Groucutt, managing director of Databarracks, advises how more organisations should review their security polices and look to the Cyber Essentials Scheme for guidance on how to stay protected:
"This year the threat posed by cyber-criminals has really made its presence felt. Attacks such as CryptoLocker weren’t just consigned to industry chatter – they were very much felt by organisations of all sizes and sectors, and documented heavily in mainstream media. According to this latest research, this is set to continue well into 2015.
"Worryingly, in response to the cyber threats in the last 12 months, over half of the respondents to our survey (58 per cent) either hadn’t made changes to their security policies, or they hadn’t reviewed them at all. The growing risk of a cyber-attack means we all need to be prepared. Organisations of all sizes need practical advice on how to stay protected.
"CES was created by the government to do exactly that. The scheme aims to provide clear guidance and practical advice for firms looking to improve their cyber security practices, whether they’re taking their first steps into cyber security or looking to improve existing processes. It solves an issue for SMEs in particular, who may not have any dedicated in-house IT staff responsible for cyber-security.
"The scheme was mandated earlier in the year for any supplier bidding for public sector contracts, and as awareness grows we expect it to be embraced by firms across all sectors. We were one of the first providers to become certified to CES Plus, so we know how helpful the process is and the improvements it can make.
"As we look forward to 2015, the threats posed remain very real. But it’s not a time to panic. Firms should prepare now by reviewing existing policies and ensuring new procedures are implemented that address the reality of the changing landscape. This will ensure they are prepared for any eventuality."