How cyber-attacks affect local and national businesses – The Rt. Hon. James Morris MP visits Midland based experts to find out.

Midland based Cyber/Information Security Consultancy and members of the Malvern Cyber Security Cluster, Advent IM announce a forthcoming visit from Halesowen and Rowley Regis MP, James Morris.

The visit is planned for the Advent IM Offices and Training Centre on February 20th at 11.30am. 5 Coombs Wood Court, Steel Park Road, Halesowen B62 8BF.

This visit will afford Mr Morris the opportunity to understand the impact of cyber security threats to businesses and public bodies in his constituency and their supply chain partners. He will also meet members of the team dedicated to improving organisational cyber security practice both nationally and internationally, through high quality consultancy and training.

Understanding cyber threat and the resultant risk to business is vital in the fight against cybercrime and data loss. Many research papers and surveys have been produced on the topic and if we were to select just one to illustrate the scope of the problem – According to Ponemon Institute research on corporate information security, “Corporate Data: A Protected Asset or a Ticking Time Bomb?” some major issues need to be addressed as a matter of urgency. Some of these include:

  1. 71% of all surveyed users found they had access to information that they shouldn’t have and 4 in 5 of the IT professionals who responded confirmed this poor practice by saying that their organisation did not use a ‘need to know’ data policy.
  2. Almost half of total respondents believed that the Data Protection controls and oversight were weak
  3. Almost 80% of respondents thought it was acceptable to transfer confidential documents to potentially insecure devices.

Segregation of data and appropriate access controls limit what users can find and use and also controls where hackers may be able to move if they actually do manage to gain network access. If end users can see gaps in security as evidenced in point 2, you can guarantee hackers will too.

Point 3 reveals that poor practice, lack of governance and poor or non-existent training are creating a perfect environment for cyber criminals to exploit in order to attack businesses.

If technical security hygiene is also found to be lacking e.g.  out of date and/or unpatched software in use, no effective and updated anti-malware in place, systems and networks untested by regular IT Health Check including penetration testing, then any incursion from outside forces will be successfully executed and organisational information assets will be completely compromised. This can include staff personal information, as it did with the Target breach and that of clients and other supply chain partners.

Managing Director Mike Gillespie said, “Businesses are connected by the internet all over the world; local businesses may have supply chain partners thousands of miles away just as frequently as down the road. Organisations have a responsibility to each other to make sure they are taking adequate precautions both technically and corporately to ensure their information assets are properly secured”

We will be discussing this and other cyber security issues affecting the local community with Mr Morris during his visit.

Issued:  12.02.15                             Ends                                     Ref: VIP-200215- Advent

NOTES TO EDITORS

About Advent IM

Advent IM is an independent specialist consultancy, focusing on holistic security management solutions for information, people and physical assets, across both the public and private sectors. Established in 2002, Advent IM is a centre of excellence for security services, promoting the benefits of best practice guidelines and standards and the need to address risk management to protect against potential threats. Mike Gillespie is MD of Advent IM, Director of Cyber Strategy and Research for The Security Institute and a member of the CSCSS Global Cyber Security Select Committee.
From its offices in the Midlands and London, its Consultants work nationwide and are members of the CESG Listed Advisor Scheme (CLAS), Institute of Information Security Professionals (IISP), The Security Institute (SyI), Business Continuity Institute and British Computer Society.

Consultants are also Lead Auditors for the International standard for information security management (ISO 27001) and business continuity management (ISO 22301), Practitioners of PRINCE2, a recognised project

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s