Why now is the best time to look at and analyse your firm’s cybersecurity posture
With an ever-increasing reliance on cloud-based and network storage and an ever-decreasing pile of receipts, cash memos, and invoices to hide behind, the threat of cyber-attack is looming large over the financial sector.
The CyberEdge 2022 Cyberthreat Defence Report (CDR) shows that over 80% of UK organisations experienced at least one successful cyber attack between 2021 and 2022.
Additionally, recent figures show that over 73% of UK organisations have had to contend with a ransomware attack; this is where malware denies users access to files within their computer or network, encrypting them and demanding a ‘ransom’ before these are released.
This is an increase of 15% over 2021, and with accountancy being an integral part of economies across the globe, and this work bringing a wealth of confidential information and data, this makes a tempting target for threat actors.
This means that now is the best time for organisations to look at and analyse their cybersecurity posture. Initiating this process, however, can often be the hardest part if you are unsure where to start.
No business can be completely cyber safe; however, an analysis of the systems and security mechanisms your organisation currently has in place can be a start; this can be achieved with the help of Cyber and Governance standards. Within the UK, the National Cybersecurity Centre (NCSC) has generated the Cyber Essentials (CE), and Cyber Essentials Plus (CEP) schemes to help companies and organisations protect themselves against a range of different attacks.
With CE being a self-assessment that helps you analyse where you currently stand, asking pertinent questions surrounding features such as encryption, Multi-Factor Authentication (MFA), and Patch management, this can help bring a business up to speed and assist in protecting them. From there, CEP is an audited assessment by a company such as PureCyber, taking the information presented with CE and having Cyber Professionals test the technical controls in place within the business. Both standards bring certification that can bring peace of mind to suppliers and customers alike.
From this point the next steps would be to look at risk-based governance assessments, such as the ISO 27000 family of standards, or the IASME Cyber Assurance standard. These are risk management standards that set out specific strategic processes that can help a company analyse and mitigate the risks present within their company that reach beyond the more technical views and controls within CE and CEP. Both a technical and organisational approach to your Cyber Posture can be a fantastic place to start in reducing your threat index as an organisation.
Following on from conversations with members at Accountex, PureCyber has assessed how it can provide accessible, understandable and affordable cybersecurity services to businesses regardless of size, sector or location. It has taken feedback on how to support micro and small businesses on their cyber journey, and has launched a new subscription service that spreads the costs of achieving your Cyber Essentials, Cyber Essentials Plus, Major Incident Support and provides access to Awareness Training.
Find out more about what PureCyber has to offer.