Skip to content

Three ways to overcome next gen cyber attacks

The next generation of cyber threats are already emerging, how can embattled businesses best protect their customers, people, places and things?

Prioritise security, test your policies and make GDPR part of your business as usual.

It is a particularly interesting time in history to be thinking about cyber security and how to protect your business from emerging threats. Over the last year cyber issues have asserted their prominence in the public eye. With big breaches, such as the 50 million Facebook accounts recently exposed by a system flaw, hitting the headlines with alarming frequency and new regulations such as GDPR in operation - organisations and individuals alike are being forced to spend some time reflecting on the whereabouts of their data.

In our Cyber Ready Barometer report we spoke to around 1500 businesses across 9 countries, and discovered only one in four businesses had robust enough security in place to be considered ‘Cyber Ready’. We define Cyber Readiness as being able to effectively secure their business and continue to operate in the face of the range of threats and challenges.

Furthermore, we found out that a concerning 14% are currently very unprepared to handle the current threat environment. We didn’t just speak to business decision-makers either, we extended the conversation to over 3000 employees and consumers as well, uncovering some fascinating insights into what is actually going on inside businesses and exposing a stark disconnect between employers and their employees when it comes to security.

While connecting exponentially more people, places and things is having hugely positive effects on efficiency and collaboration within businesses, these developments are exposing some shortcomings in the vital human aspect of security. As businesses strive to reap the benefits of digital transformation, are bad habits or practices from the past threatening their future?

In a previous blog, we pointed out some of the new types of attack coming our way, but how ready are businesses today to face them? How can they up their game at this important moment in history, to better protect themselves and their customers – becoming truly Cyber Ready? Here are three areas of focus all security leaders should consider.

1. Prioritise security and reap the rewards
In the era of digitalisation, security must be a top priority. It’s not enough to do the bare minimum and it’s certainly not a box-ticking exercise. The cybercrime industry has skyrocketed in value and has long since overtaken the global drugs trade: data is invaluable, it’s everywhere, and criminals want it. With so much at risk, protecting data can’t be a task for the IT team alone anymore, it must be a company-wide effort. EUROPOL’s latest Internet Organised Crime Report (IOCTA 2018) confirms that the sophistication of Organised Crime Groups (OCGs) is still on the rise, and they are increasingly targeting small businesses as well as large. If organisations and their employees are struggling with current threats, how are they going to keep up with this rapidly evolving threat environment? They must prioritise security in every element of the business.

To keep up with highly-adaptable OCGs, security functions in businesses must become more flexible. However, this flexibility is often constrained by tight budgets and lack of prioritisation. Our Cyber Ready Barometer research did find that the proportion of IT-budgets focused on security is increasing, driven principally by increasing security threats (55% of respondents), minimising risks to reputation (43%) and the greater use of cloud (43%).

However, with only 29% of businesses feeling ready for the future, it’s clear there’s still work to be done. Failure to prioritise security increases the risk of a breach, which will be accompanied by large fines, compensation claims and reputational damage. The average data breach is costing organisations in the region of $3.86 million globally according to research conducted by the Poneman Institute.

Interestingly, there is an added opportunity cost for those business that overlook security. Our research found a strong correlation between high levels of Cyber Readiness and achieving positive business outcomes and competitive advantage. Consumers ARE willing to pay more if you can ensure their data will be secure - so invest, be flexible, and make sure you can deliver.

Cyber Ready businesses also exhibited a high degree of trust from stakeholders (an average of 4.3/5), and 47% reported annual revenue increases of more than 5% in the last year. Businesses classed as having Advanced readiness levels (the top 5% of all businesses surveyed measured on the Cyber Ready Index) excelled further, achieving even higher stakeholder trust (4.8/5), and 58% experienced revenue growth of over 5%.

Conversely, organisations rated as having Basic Cyber Readiness (the lowest classification) saw lower stakeholder trust, on average of 3.1, while only 22% reported 5% revenue growth. Here lies an opportunity for firms to take advantage of security’s newly found prominence in the press and create a compelling business case for investment.

2. Put the right security policies in place and enshrine security into your culture
Once you have prioritised security and are dedicating the required level of resources, you can begin to put the right set of security policies in place to deal with new threats. A survey by the Department of Culture, Media and Sport (The Cyber Security Breaches Survey 2017) showed that 26% of business leaders lack the awareness of what to do when a security incident occurs, who to report it to and why they should report it. There are a number of frameworks that are a clear starting point, for example the Cyber Essentials/Cyber Essentials Plus in the UK.

Putting clear policies in place and ensuring every employee knows what to do in the event of a breach can hugely mitigate the impact, so why are so many business leaders still in the dark?

It doesn’t stop at simply having the right policies, because if your staff don’t know about them or follow them, they’re effectively worthless. The Vodafone Cyber Ready Barometer research highlighted a worrying disconnect between business and employee views of working practices and behaviours. We found that less than half of employees reported that official policy is followed by all staff, and 42% of employers stated that information security is just a box-ticking exercise. Great news for hackers, terrible news for businesses and customers.

Furthermore, research by IronScales showed that phishing scams account for up to 95% of successful cyberattacks worldwide. Are your staff trained to spot them?

Worryingly, many businesses still see it as a one-off fix, but phishing attacks are becoming so sophisticated and their consequences so drastic, that employees now need continuous training to keep up and spot new types of scam. It’s time businesses started testing their own employees and enshrining security into their culture. Imitate these emails, test the percentage of the workforce that report them as suspicious, and punish common offenders.

There are some great frameworks and industry guidance complimented by training courses and certifications that can help in this respect, so make sure you use them, such as Infosecurity’s Top 10 Ways to Detect Phishing.

3. Take GDPR seriously and make it part of your BAU activities
After years of discussion and debate, GDPR finally landed and now serves to protect the data of EU data subjects (citizens) worldwide. While it’s not going to solve the problem in a day, it is a step in the right direction to change the way organisations think about their customers’ data. We’ve spent the last thirty years embracing technology and revelling in its benefits, without taking a conscious look at where our data is, what it’s being used for, and how protected it is. GDPR is this conscious step back. Take the new regulation seriously and take stock of the data you have of your customers. Only then will you be on your way to being able to protect it. It’s essential to ensure continual GDPR compliance and improvements are part of your Business as Usual activities.

To summarise, change is on the horizon: governments and organisations are beginning to understand the seriousness (and scale) of the threats, and new legislation is putting pressure on them to comply. Everyone in an organisation from sales to marketing to technical personnel are being forced to take responsibility for security. However, it isn’t going to be an easy transformation until cyber security is given the priority it requires. Far too many employees and business leaders don’t understand the threats themselves, nor what to do if they materialise, and with only 24% of businesses are Cyber Ready there is clearly work to be done.

Security functions need to take some lessons from the hackers themselves and become tech-savvy and flexible enough to adapt to new technology and an evolving threat environment. Only then will we be able to win the race.

So truly prioritise security, get the right policies in place, and continually educate your workforce – three big tasks, but ones that are critical to secure your business against the next-generation of threats.

Get the latest insights straight to your inbox

Keep up with the latest insights, tech trends, offers and events
main_icn_24_7_support 360-view 4g main_icn_Accessories main_icn_Add_or_Plus main_icn_Apps arrow-left arrow-right market_icn_Battery bill-or-report-mid block blog-hi-dark broadband-device-hi-dark broadband-mid broadband-device business calendar market_icn_Minutes main_icn_Camera main_icn_Chat cherries-points main_icn_Chevron_down main_icn_Chevron_left main_icn_Chevron_right main_icn_Chevron_up clock-hi-dark main_icn_Clock_or_Timed main_icn_Close community-or-foundation-mid main_icn_Community_or_Foundation connectivity converged-proposition customer-care dashboard-hi dashboard-mid main_icn_Dashboard data-mid market_icn_Data_Sharing market_icn_Deals main_icn_Delete delivery main_icn_Dislike document-mid main_icn_Download main_icn_Edit entertainment-hi-dark error-circle error-simple main_icn_Social_Facebook main_icn_Filter main_icn_Filter social-google-plus help-hi_1 help home-02-hi info-circle infographic-hi-dark country-or-international-hi-dark landline-or-call-mid main_icn_Landline_or_Call main_icn_Like market_icn_LinkedIn location-hi main_icn_Location mail-new-hi-dark mail-read-hi-dark mail-new market_icn_Screen_size main_icn_Menu market_icn_SMS mobile-broadband mobile-hi-dark mobile-mid main_icn_Mobile my-vodafone-mid main_icn_My_Vodafone network-signal-hi-dark network-signal-hi network-signal-mid main_icn_Network_signal offer-badge-percent market_icn_Offer_badge main_icn_Pause payg-hi-dark payg-hi payg-mid main_icn_PAYG social-paypal main_icn_Photos pie-chart play-hi-dark main_icn_Play_circle main_icn_Play_arrow main_icn_Add_or_Plus print main_icn_Privacy 0_rating 5_rating main_icn_Ratings record-hi-dark refresh main_icn_Bill_or_Report main_icn_Reports return-product roaming-hi-dark roaming-mid main_icn_Roaming search-hi-dark main_icn_Search security-hi-dark security-hi security-mid main_icn_Security settings-hi-dark settings-hi share shopping-trolley shopping sim-mid main_icn_SIM market_icn_SIM_Swap social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Student tail [Converted] text-mid main_icn_Text thumbs-hi-dark tick main_icn_Tick_simple top-up-hi-dark top-up-hi top-up-mid main_icn_Top_up tv-hi-dark main_icn_TV main_icn_Social_Twitter users main_icn_Viewed market_icn_Vodafone_store voice-of-vodafone-alerts-mid voice-of-vodafone-alerts warning-hi-dark warning-hi-dark warning weight white-paper-mid country-or-international-mid market_icn_Multinational social-youtube VF_Logo