Cyber threats create business risks rather than just technical ones
Cyber threats have been a persistent headache for governments, organisations and citizens for a number of years now. The increasingly digitalized world has created a huge demand for device security and the protection of intellectual property from the clutches of the cyber-crime underworld. In fact, this exponential growth has led experts to believe that cybercrime will be one of the biggest challenges that humanity will face in the next two decades (Cybersecurity Ventures, 2017).
Rapid technological advances have provided organisations with opportunities for innovation, economic growth and potential sources of efficiency. They have also exposed organisations to new and sophisticated cyber-attacks. Gone are the days when companies could pass the headaches of cyber security to the IT department. Espionage, market manipulation and infrastructure disruption are some of the more sophisticated attacks, on top of previous threats such as data breaches, extortion and vandalism. Mitigating these threats requires businesses to think about, and act upon, essential cyber security measures, not only for their own protection but also for the protection of their customers.
Data breaches rank amongst the most common cyberattacks because of the lucrative nature of selling personal information on the black market. Since 2013, there have been over 9bn data records lost or stolen as a result of cyberattacks. Ever more sophisticated methods for stealing data are becoming apparent, highlighted by the WannaCry ransomware attack on the NHS in 2017 and cleverly disguised phishing emails that arrive in the inboxes of unsuspecting employees. These breaches cause devastating reputational damage to the targeted organisations for not doing enough to protect sensitive information.
Fortunately, there are steps that can be taken by any business to handle data responsibly and to minimize the reputational damage that occurs. These include: employee user awareness and training, effective management policies, supporting technology, and last but not least, internationally recognised British standards. BSI offers a host of effective best practices to help prevent cyber security dangers within organisations, such as:
The BS EN ISO/IEC 27001 family of standards, dedicated to providing organizations and governments world-wide with a means to risk assess and manage their information security in a way that enables them to continuously stay up-to-date
PAS 555, which involves the governance and management of cyber security risks and should be used in all data system processes and controls, and is fundamental to avoiding breaches
BS 10012 and BS EN ISO/IEC 27040, which are particularly relevant to the security of personal information.
All of BSI’s Cyber Security standards are available through Standards Online (BSOL). BSOL is a cost-effective solution to working with standards more efficiently. Storing a collection of standards in one place for multiple authorised personnel to access enables best practice to flow through your organisation.