The Public Accounts Committee has made it clear that the Government is moving too slowly in its actions to protect the nation against cyber attacks. At the same time the Secretary for Defence makes the threat more pertinent and makes it clear that we are under constant attack from state sponsored hacking.
The only conclusion we can reach is that the responsibility rests with each of us to protect ourselves and our own organisations. The Government cannot do it on our behalf. The alphabet soup of state organisations, committees, law enforcement and intelligence will naturally focus on the critical national infrastructure and not on your lists of customers, suppliers or employees. That is your responsibility.
The EU is doing its sclerotic best and punitive regulations are in the process of being adopted across Europe. But, I am sure, this is only the beginning. As the lights go on across Europe and both government and private industry recognise that ALL are vulnerable, then new requirements concerning not only cyber protection, but also business continuity and resilience, will be introduced and enforced.
Putting in place robust protection against cyber attacks is the responsibility of all organisations. But with the inevitability that some of the millions of daily attacks will get through to almost business, plans also need to be put in place to handle the consequences of a cyber attack.
Isolating your network from the internet, reaching out to employees, supply chain partners and customers with information about what is happening. Alternative channels of communications when your own have been compromised. All these responses need to be considered and plans put in place to make sure that when the worst happens, your business can get back to business as usual as quickly as possible and survive the impact.
Help is out there in the industry and it is incumbent upon management to make use of it. The time of surprise attacks is over. We should now be fighting a defensive war.
Don’t get caught out. Seek help!