CYBER SECURITY
businessinfomag.uk
magazine
12
BI
:
The cyber-security industry tries
to engage people through fear,
and I think that might be counter-
productive.
AK:
There are two unfortunate
consequences to using fear, uncertainty
and doubt as a gambit. The first is that
you scare people into paralysis and the
second is that people get a very unclear
view of what the risk is. Scare tactics
cloud your ability to make a clear,
risk-based decision and put you at the
whim of the cyber-attack du jour – is
it ransomware this month?; is there a
GDPR risk?; are we facing a huge new
wave of cyber-crime? People need to
take a more structured approach and
think about what their risk profile is.
Fear, uncertainty and doubt (FUD)
clouds the issue and forces people into
reactive, emotional behaviour.
BI
:
In your report you outline the
four steps businesses should take
to become ‘cyber-ready’, including
understanding the cyber risk, building
a cyber-ready culture, building a
cyber security operations function
and creating a cyber response and
data recovery strategy. Taking these
steps, especially the last one, helps
protect a business from much more
than just cyber threats.
AK:
Absolutely. A business could
suffer an inadvertent rather than a
malicious mistake or outage. One of
the most important things you can
do as an organisation is to practise
and understand how you respond in
a crisis. Communicating effectively
to stakeholders and consumers and
working with law enforcement is one
thing; restoring your organisation’s data
and systems and putting in resilience is
just as important. A business can’t just
stop operating for two or three weeks
while it works stuff out. That’s one of
the things we really focus on – it’s not
just the response, as vitally important
as that may be; it’s the ability to restore
service, to maintain communication
with your customers and to enable
people to continue to do their jobs. That
is as important to resilience as front-end
protection, monitoring and detection.
BI
:
What advice do you have for SMEs
looking for a cyber-security supplier;
what sort of things should they look
for?
AK:
Pick a provider that you already
have a relationship with, somebody who
can help you through those four stages
we have identified, who can help you
understand your risk and help you build
security into your organisation. Security
isn't just a back-office exercise, it relates
to how every employee connects with
each other, how they all communicate,
how they work together, how they share
information with partners.
That’s one of the reasons we at
Vodafone think we've got such a
different and interesting role to play in
the cyber conversation. At its heart, it’s
about people using data, communicating
the value of that data to create new
business models and to enhance and
change old business models. My advice
is to allow one or two providers to
help you understand your risk and put
operational controls in place.
For SMEs, these can’t be expert-to-
expert solutions, so one of the things
we've done is bundle a package of
specific security solutions so that they
all work together – managing your
mobile data, managing your mobile
estate, managing and understanding
how you’re using a variety of cloud
providers. There is huge confusion
and complexity in managing a lot of
different suppliers, so finding a cyber-
security partner who can curate those
experiences and those services for you is
quite high on the list.
BI
:
Presumably Vodafone is one such
supplier, or do you just cover one part
of the picture?
AK:
That speaks directly to why we’re
really excited by this research. There
are very few organisations that touch
every bit of that data journey and
that digital story.We think we’re one
of the few that does.We do two big
things: we invest heavily in building
security into all of our products – secure
by design; we also understand that
everybody faces a slightly different
threat environment, so we need security
services on top of that, right across our
portfolio. That’s why we think we’re
particularly well placed to talk to people
about the challenges they face, be it
a multinational global organisation, a
government body or a small business.
A massive proportion of our business
is made up of smaller organisations,
SOHO and SMEs that have a different
set of challenges but are just as likely to
be targeted by cyber criminals.We think
there's an important role for Vodafone
to play in that dialogue.
BI
:
Have the findings of this survey
changed how you approach cyber
security?
AK:
There are two things that really
stand out for me, which will inform
out future strategy and how we
communicate with our customers.
The first is that 41% of large
enterprises and 60% of SMEs are
unsure about who can help them with
information security challenges. For me,
that is an industry-wide cry for help
that we need to address. Vodafone can
take a leadership role in that.
The second, slightly different one
is the change in attitudes to data
security. The difference in the attitudes
of different generations to data loss is
quite marked: 63% of over 55 year-
olds, today’s decision-makers, fear
the loss of data, but among the under
35s the figure is just 40%.We have
an educational and a generational
challenge to overcome. People must
be allowed to use security to address
business challenges, but at the same
time they mustn’t be paralysed with
fear over loss of data.
The full report
Cyber Security:
The Innovation Accelerator
can be
downloaded at
/
business/cybersecurityresearch
41% of large
enterprises and
60% of SMEs
are unsure
about who can
help them with
information
security
challenges
...continued
CyberSecurity:
The Innovation
Accelerator
Global research intothe links
betweenstrongcybersecurity
andbusinessdecision-making,
growthand innovation
Vodafone
Power to you
