With an incredibly important role to play in protecting businesses and consumers across the country, you might assume that the organisations that make up the UK’s cyber security industry are themselves well positioned to fight back against common threats. But are they really bastions of reliable resilience in the face of cyber criminal attacks, or are they just as vulnerable to exploitation as the clients they serve?
Keeping a Clean Sheet
While there are vast numbers of data breaches each year, with half of British businesses hit in 2017, the providers of cyber security services are themselves unlikely to suffer as significantly as the average firm. That is not to say that security specialists have avoided falling prey to attacks in the past; Russian operator Kaspersky revealed it was hit by a hack in 2015, but said that no data was exposed or serious damage done.
In Britain, cyber security providers have managed to keep a clean sheet, at least when it comes to their internal systems. Whether this state of affairs will be maintained indefinitely seems unlikely, and it is possible that some as-yet unreported scandal will emerge in the near future to shatter the veneer of competence that is currently exhibited.
Furthermore according to those in the industry it is sensible for any security firm to have its in-house systems scrutinised by external specialists via penetration testing. This is the only sure-fire way to avoid complacency.
Even with the apparent ongoing successes of the cyber security service providers which operate in the UK, there are some glaring incidences in which high profile breaches have occurred and left internationally renowned organisations looking red in the face. Most recently, hundreds of thousands of British Airways customers were impacted after an attack that saw payment card info and private details stolen.
Interestingly enough, the attack came shortly after it was decided that the airline’s in-house security would be outsourced. As such it could be argued that if it had relied on a third party provider from the start, rather than taking care of everything itself, BA may have sidestepped the breach altogether.
The Human Element
Even with the most sophisticated software and hardware tools in the world, the weak link in any cyber security system is invariably going to be the human users. This creates quite the conundrum for businesses and security providers alike, since until complete automation of core systems and access points is achieved, this vulnerability will remain in place.
The statistics bear out the truth of the matter; 88 per cent of breaches in the past 24 months originated due to a mistake made by a human. Often it can be something as simple as an email being sent to the wrong contact which leads to sensitive information leaking unexpectedly, revealing the complex challenge facing the cyber security industry. The threat posed by hackers cannot be overlooked, but it is equally vital for organisations to take seriously the need to ensure that employees and end users are adequately trained to avoid unnecessary errors and associated data loss.