Cybersecurity experts are urging businesses to take their security into their own hands by educating their employees and taking the fear out of cybercrime.
Speaking at a security event hosted by cloud hosting firm UKFast, Edward Whittingham, managing director at cybersecurity company The Defence Works, said “there is a huge fear around cybersecurity which needs to be addressed before we can move forwards”.
Businesses should begin to implement their own measures to challenge initial threats in the digital landscape, and not view cybercrime as something unavoidable or unmanageable, he says.
“Cybercrime is just the evolution of ordinary crime, a cyber-enabled crime of the old type,” Whittingham added.
Kiran Bhagotra, CEO and founder at Protect Box, a cybersecurity comparison site, claims that the industry “needs to stop peddling fear” and that terms like “advanced persistent threats” do little to help businesses see security as something they have genuine control over.
The experts highlighted measures SMEs can implement to dampen the threat of fear around cybercrime. “We as business owners have a duty to look after our staff so they can look after the organisation,” said Whittingham.
“Technology will only ever stop so much,” he added, “so it also comes down to the end user and what they can do to help. Look at doing regular awareness training with your staff, carry out simulated phishing campaigns, engage with your employees so they know what type of attacks are out there and how they’re changing. Education is a huge first step in combatting the sense of fear that’s been generated.”
The comments come in the week that widely reported research from charity Business in the Community revealed 40 per cent of small businesses have no cybersecurity strategy in place whatsoever.
Noha Amin, information security awareness manager, focused on the importance of businesses “creating their own defence landscape” with the most crucial aspect being the “governance of policy, procedures and process.”
Nazia Khaleeq, founder and director at GlobeNet Security, encouraged businesses to “think of your people as a human firewall; if a phishing email comes in, the person that’s going to let it in is one of your staff who might click a link – and that’s a business problem, not a people problem.”
However, Bhagotra assured businesses to “not feel overwhelmed” by the prospect of implementing cybersecurity training measures. Her advice to small companies which perhaps don’t have the funds or infrastructure to put cybersecurity solutions in place was to “think about the training procedure as something you’re going to maintain over time to improve security, and it justifies that initial exercise.”
Although Whittingham predicted a 2019 of increased cyber-attacks, he reassured that businesses are “getting to grips with it” and starting to raise awareness amongst their staff.
He concluded: “If you’re aware of it, you’re more likely to spot it.”
The comments were made at a UKFast cybersecurity webinar in Manchester.