Stuart Jubb, Director at Crossword Cybersecurity
While the threat of cyber-attacks continues to grow in both volume and degree of sophistication, complacency regarding security is still very high. Black Friday and Cyber Monday are permanent fixtures in the retail calendar, yet it is over this festive period that cybercrime activity also increases. We caught up with Stuart Jubb, a director at Crossword Cybersecurity in London, to discuss what companies could be doing to protect themselves.
Make an extra place at the boardroom table
There is a lot of complacency at board level and it’s one of the key areas we try to address at Crossword. When we go into a company and do a maturity assessment and recommend changes, increasing the level of boardroom knowledge with regard to cyber security is always high on the list. If you look at the typical board, members are generally not experienced in this area, so having someone on the board who is accountable for cybersecurity, such as a Chief Information Officer, is really important as it means cyber security is higher up on the agenda.
Embed a company-wide culture of cyber-risk
Broadly speaking, the biggest weakness is always the human factor. It’s very rarely the case that a hacker or hacking organisation will simply choose a company randomly and hack into it ‘cold’. When a company is growing it gets to a point where it has to think about cyber security, but that’s too reactive. Whereas if you build cybersecurity into a company’s infrastructure – but just as importantly into its culture – then you’re building your brand with people who understand the risks and who require less enforcement. Software and procedure will only get you so far – you have to cultivate a workforce so that cybersecurity is second nature. This ultimately has to come from the board.
Make cybersecurity part of your brand
With the proliferation of mobile data, devices and public networks, more public attacks are going to mean it will become increasingly important for companies to make cybersecurity a part of their brand. This brings peace of mind to both investors and customers. While it hasn’t been documented, I know that some big companies have been attacked with ransomware and have paid up; we’re talking significant amounts of money too.
It’s an unfortunate reality that until people start to understand that a cyber-attack can dramatically affect the share price of their company – and we’ve started seeing that happen with the attack on TalkTalk last year – or until there’s a company that even goes bust due to an attack, people will continue to pay lip service to cyber security. It will take time for the culture to change but if a board has someone on it who comes from a technical background, has a good budget and the right team working for them, then they raise the bar for everyone else.
Recruitment is critical
Companies are going to find that there is a massive shortage of talent when it comes to experienced cybersecurity experts and will have difficulty recognising who the better people are out there. There are a lot who talk a good game, but not that many who really know what they are doing. So finding cyber security professionals who have an excellent technical background and experience is critical. It is also important that professionals are able to work within the overall strategy of the company and they build flexible and pragmatic solutions into security.