Why Cyber Security should be on your Business’ Agenda

Original content provided by BDO UK.

When it comes to business protection, cyber security should always be high on the agenda. In fact, our recent Global Risk Landscape 2022 report found that over half of respondents said their business has ramped up cyber security in response to the Russian invasion of Ukraine. Major external factors and events such as this will often prompt action – but cyber security should remain a top concern for businesses regardless of the wider geopolitical landscape.

Interestingly, business leaders we spoke to said that they were feeling more unprepared for cyber-crime than they were in previous years; they reported feeling almost twice as unprepared for the impact of a cyber security incident this year than they did in 2020 or 2021 (22% felt unprepared in 2022; 9% in 2021; and 12% in 2020).

What’s more, cyber fraud is now the third most significant type of fraud reported, according to our latest Fraud Track survey, and it’s possible that cyber-crime will become the largest source of fraudulent behaviour in years to come.

It’s clear the geopolitical landscape has brought the issue of cyber-crime to the fore. With Russia’s invasion of Ukraine and the growing threat of ransomware being two of the biggest factors impacting cyber security in 2022, there is good reason for businesses to take notice. State-sponsored attacks are becoming more pronounced, while independent hackers ranging from lone wolves to organised crime gangs are also increasing in prevalence.

The headlines say it all. Businesses from many sectors have been targeted and succumbed to cyber-attacks in recent months.

As such, cyber security remains a hot topic that businesses should be acutely aware of. While there are many different types of specific threats and bugs grabbing the headlines, such as Log4j and ransomware, managing those types of threats largely boils down to having a solid risk and control framework that protects your business day-to-day.

What’s important is how businesses prepare for threats and how they reduce exposure as much as possible. In the past, many businesses may have worked under the assumption that no-one would want to target them; however, that mindset has begun to shift. There’s not one sector, or one type of business that’s being targeted: it’s across a broad spectrum.

It’s important that businesses act to protect themselves. The aim initially should be to get to a point where they’re not an easy target – they’re not the house on the street without a burglar alarm, so to speak – and then work to build on those foundations, all the while making the business a less appealing target for cyber-crime.

The fact is, not every business will need five-star, top-of-the-range cyber security controls, but they do need to think about what is appropriate for a business of their size and how to demonstrate that they have done enough to protect their data.

Interestingly, the biggest challenge we’re seeing at the moment amongst Middle East businesses is the wider awareness in the market. Increasingly, questions are being asked by third-party suppliers about a company’s preparedness against potential cyber threats and the likely exposure for those organisations outsourcing business to them. Companies of all shapes and sizes must recognise that cyber security needs to be addressed and ensure that there is buy-in and executive-level sponsorship from the very start.

So what are the first steps to improving your cyber security?

Your journey to full cyber-security assurance starts with an understanding of your assets and their associated business risks. You need to identify and assess weaknesses in your cyber security, as well as manage any issues around compliance with the latest regulations. A data-driven assessment of your technologies and controls will rank each area with its own risk grading against a cyber-attack. This will give you a clear, comprehensive, real-time understanding of your business risk in each assessed area and how to mitigate these risks. This assessment will help you to:

  • Understand your business’s cyber risk exposure by evaluating people, processes and technology
  • Identify gaps in compliance
  • Advise on appropriate protection levels around critical assets
  • Improve strategic resource allocation for cost-effective risk reduction
  • Design appropriate cyber responses and strategies
  • Grade your short, medium, and long-term vulnerabilities in real time

Once you understand your exposure to cyber security risks, you can begin to address those risks - developing your cyber strategy and defining the appropriate responses to reduce cyber risks to acceptable levels. It will give you a clear roadmap and help you to prioritise your efforts and resources strategically.
