By Robbie Ross, CSO.
It’s the time of year when many people working in cyber security give their predictions regarding what they believe the next year will hold when it comes to the cyber threat.
I’ve read many of these over the years and recently watched an excellent webinar that spoke about this very subject. One of my key takeaways from this was that cyber “experts” are always looking for the next big thing, the one thing that perhaps no one else has spotted or been aware of previously. However, if you base your cyber predictions on the threat landscape, you will see that there is a great deal of commonality from one year to the next. In fact, the predictions can be quite predictable, with no major changes year on year. This often-overlooked fact is the reason all businesses should focus on getting the basics right.
SMEs shouldn't have to be disadvantaged
Unlike larger organisations, when it comes to preparing for these common threats there are certain resources that many SMEs cannot call upon for help. There may be no board to approach to request a security budget increase. They likely won’t have an in-house IT Department or even work with an IT provider. And they won’t have access to a media team or PR company to assist with reputation management in the event they suffer a breach.
The responsibility for taking care of cyber security can often be mixed in with other roles such as procurement, HR or Health & Safety. Never is this truer than in the case of a micro-business, where there can literally be 2 people, 2 laptops and an Office 365 subscription. The result is that cyber security is managed by non-technical personnel and while this in itself is not a problem, it does call for clearer, less technical information outlining current risks to be aware of and advice on how to deal with these.
Our 2021 commitment
So, I am not going to make any predictions about 2021 as the threats will pretty much be the same as what we have seen in 2020. Instead, I am making a commitment, both for myself and for Converged. We are committed to spending a large part of 2021 speaking to as many businesses, organisations and charities as we can, so that they fully understand what cyber security is and what it means to them personally. Of course, it’s still important to provide advice on the practical ways to improve security, but it can be easy to forget the fundamentals and we’re going to start at the grass roots.
It's time to get back to basics
I’d be a rich man if I was given a pound every time a company representative told me that they agree that cyber security is important, but they don’t know where to start and they are afraid they won’t understand it. I was fortunate to hear the founding CEO of the National Cyber Security Centre (NCSC), Ciaran Martin, speak at the Scottish Police College when I worked for Police Scotland. He made a statement that I refer to repeatedly in my presentations and that is – it is time to take away the stigma that cyber security is “techy” and “geeky”, to help people and businesses understand that we all have a part to play and that the process can be quite straightforward.
Many of us do this job for the simple reason that we don’t want to see people and businesses falling victim to cybercrime, especially when there are simple steps they can take to protect themselves. We just have to get the message out there and tell as many people as possible, and that is what we plan to do next year.
Merry Christmas to you all, and I hope that you and your families have a healthy, happy and prosperous 2021.