Magnet+ managing director John Delves on five questions about cybersecurity that a CEO or business owner should know the answer to … but most don’t.
We’re going to deal with a number of cybersecurity related questions in this piece, but the first one we ask is probably the most pertinent – at a time when cybersecurity has never been more important, why do one fifth of Irish businesses still have no cyber security policy?
I’ve been thinking about this a lot since the statistic was revealed in the research we conducted recently at Magnet+, and the reason it’s so concerning is that it means that up to 250,000 SMEs nationwide (50,000+ businesses in Ireland) are without a cybersecurity policy.
At a time when the risk of a cyberattack – and the potentially disastrous business consequences – is greater than ever before, there is no excuse for businesses not to prioritise the safety of their network data. Cybersecurity is one of the most important functions in any enterprise as it ensures business continuity and development and protects business assets such as customers’ and employees’ personal information. Therefore, it is worrying to see that some companies still don’t see the importance of protecting themselves against such a threat.
After much reflection, I think there are a few key reasons for this lack of investment, and interest, in cybersecurity – one of them being that some business leaders just don’t want to worry about cybersecurity risks until it’s too late. This thinking has to change.
Time to talk business
When it comes to businesses that have experienced a cyberattack, most don’t want to talk about it due to fear of damage to their brand or reputation – we need to get better at this. We should encourage our internal teams to communicate when this happens and urge company CIO/IT managers to talk to their peers in other companies, share approaches and establish best practice on how to manage a cyberattack.
Another factor that discourages people learning and understanding cybersecurity is the jargon – tech jargon makes it much more intimidating than it needs to be. In many ways it is often very practical measures that need to be put in place – with this in mind, I’ll try and keep the jargon to a minimum in this piece!
For organisations with no cybersecurity system in place, the potential damage that could be caused by an attack may be irreversible. Our research revealed that 28% of businesses say it’s difficult to make a business case for management to invest in cyber security when, in fact, it should be a key focus.
Cybersecurity must become a core part of every CEO and business leader’s day-to-day job, as much as finance, sales, and other key organisational operations. Ultimately, as the leader of your business you have a responsibility to your board, your team and yourself to make sure that you understand this. For example, I am not a CFO but I have to understand our P&L as part of my role. I get great support from my CFO but ultimately, I need to understand the numbers. The same goes for cybersecurity: while you don’t need to become a ‘tech expert’, you need to understand the basic concepts and be able to ask the right questions – hopefully the below will be a good starting point.
So, on that basis, I’ve outlined five key questions a CEO, Managing Director or business owner should be asking of their organisation now, to ensure they are taking appropriate actions to secure their most valuable information assets.
Who is responsible for cybersecurity in your business?
When it comes to responsibility for cyber and IT security in Irish businesses, it is essential to have a dedicated person who is responsible for the role. Our recent cybersecurity survey revealed a significant lack of clarity around this, with almost 30% of respondents saying that the business owner or office manager was responsible, while 13% said they either didn’t know who was responsible or that no one was responsible. So, before you even start researching security solutions, the first step is to appoint someone who has responsibility for cybersecurity and ensure that all employees are aware of who this is. It’s also important to note that there are resources and plans to support every size of business.
Where are we getting our cybersecurity updates and information from?
When it comes to keeping up to date on cybersecurity, it is crucial all sources of information are credible and current. This isn’t always the case. Our recent survey showed that one quarter of businesses say they rely on social media or blogs for information, while 13% say they don’t keep informed at all. This is quite concerning, as we are all aware that these sources of information are not always reliable. If your sources are credible, you can be safe in the knowledge that you are equipped to act decisively and speedily should a hack occur. A few of my go-to information sources include IT Security Guru, Security Weekly and the website for the National Cyber Security Centre (NCSC) Ireland.
Is the entire team trained in cybersecurity education?
Many employers just seem to assume that employees will know what they should and shouldn’t do when it comes to cybersecurity. They don’t. Online scams are more sophisticated than ever these days, which is why so many people still inadvertently click on a bogus email link, often causing an attack or breach. The only way to address this is to ensure all team members engage in specific awareness training for cybersecurity. Again, it’s important to see this as an investment as opposed to a cost.
Have we carried out a risk assessment recently?
Our survey showed that just 16% of businesses have hired experts to conduct a cyber risk assessment to identify potential issues with their security policies, processes, plans, and procedures.
By conducting regular penetration testing, you will also be able to identify any exploitable gaps and resolve any weaknesses before any real damage is done. By mimicking the actions of the most effective cyber criminals, the assessment examines the entire network, identifies vulnerabilities and offers advice on where the business should implement any extra required precautions.
To assist Irish businesses in this regard, Magnet+ is currently offering free vulnerability scans. Check out https://www.magnetplus.ie/business/cybersecurity/ for more details.
How much budget have we allocated to cybersecurity and is it enough?
Our survey showed that almost one third (83,000) of Irish businesses allocated less than 10% of their IT budget to cyber security measures in 2021 and this trend is unlikely to change in the short term, with 38% saying they have not increased their budget for 2022. A further 37% say they have no idea if they have increased their budget or not for this year. Just 25% of businesses say they have increased their cyber security budget for 2022.
Allocating budget to cybersecurity measures doesn’t mean you need to break the bank, but you do need to ensure you are adequately covered. A number of factors will need to be taken into consideration such as the number of employees in the business, the number of locations involved or whether or not you sell online.
Business owners need to prepare for the inevitable and start seeing their investment in cybersecurity as an asset as opposed to a cost. Remember, if you have little or no cybersecurity in place, the potential damage that could be caused from a hacking incident could end up costing significantly more than it would have to implement a security process in the first place.
By asking these five questions, a CEO or business owner is taking the first steps on the important journey to protect the future of their business. By understanding the core principles of cybersecurity and ensuring an investment in cybersecurity is a top priority, the business will then be prepared for any potential cybersecurity attack and able to prevent a detrimental impact – financial or otherwise – on the business.
Magnet+ recently announced a new partnership with international IT, communications and technology innovator Exponential-e, making Magnet+ the first telecommunications company in Ireland to add a full cyber security service to its suite of connectivity solutions.
The move means that Magnet+ customers can now get their connectivity and security requirements from the one provider – and be secure in the knowledge that as well as benefiting from world class technical expertise, their business will have the highest level of cyber security controls possible to protect against any vulnerabilities, threats or breaches.