09 January 2017
Any organization can be vulnerable to Internet attackers. The recent U.S. presidential election is a case in point. Indeed, no sector is safe unless the appropriate actions are taken.
A major threat
In the 2016 BCI Horizon Scan report, businesses ranked cyber attacks as their top threat. And this threat affects all industries. Take the health-care sector, for example, where there has been a dramatic increase in cyber attacks. This threat is not just about health records. The software in medical devices could also be targeted by hackers. The potential effects could be deadly if, for example, the dosages in automatic injectable devices are changed with the click of a mouse.
BSI Group has published a number of papers in recent years concerning the health-care sector and the lessons learned from data breaches. It found that the level of security in many of the health-care companies was below what is normally found in the average home. Too often it was relatively easy for people to take screenshots of health records and put the information onto USBs, or to obtain access to highly sensitive information.
Businesses need to recognize that cybercrime offers many opportunities for criminals to make money or undermine a company’s credibility. And each year the risks grow because of the increasing reliance on mobile devices.
As BSI’s Global Product Champion John DiMaria warns: “Technology-only solutions are not the answer. The higher the complexity, the harder it is to protect” because there are likely to be more vulnerabilities for the hackers to exploit.
Companies need to take cybercrime seriously and see security compliance as a first step towards protecting themselves. They need to seek ways to engage all employees in the process and, without generating panic in the workplace, create a sense of urgency for employees to understand the need to be more vigilant.
Some security advisors are encouraging companies to pursue a holistic approach focusing on greater communication and accountability. This approach should integrate people, processes and technology.
BSI Group is involved in developing the first-ever certification to the NIST cyber security framework that involves third-party assessment and is based on ISO/IEC 27001:2013. BSI also provides a full suite of services that includes training, assessment and management system software developed to help protect organizations.