IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

Talking to the spooks about cyber security

Inside the enterprise: Government agency GCHQ is the latest to lend its weight to a cyber security campaign.

Security guards with sunglasses

The dangers to businesses of a cyber attack are all too real. Cybercrime is no longer just about teenage hacking, but a well-organised activity focused on financial gain.

For a large quoted company, the damage caused by an advanced attack can cost more than 100m, and wipe 12 per cent of its stock market value, according to figures from management consultants PA Consulting Group.

A separate study by Norton, a division of security software company Symantec, puts the worldwide cost of cybercrime at US$110bn (70bn), if malware and phishing attacks are taken into account.

Against this backdrop, governments worldwide are scrambling to boost their cybercrime and cyber attack defences.

In the UK, the 2010 Strategic Defence Review increased resources for fighting cyber warfare, and defending against cyber attacks is now considered as important as military programmes.

But governments are also starting to look more deeply at how cyber attacks and cybercrime can affect business. Protecting government and military assets is no longer enough. Critical national infrastructure such as power grids and transportation are in private hands. And attacks that create disruption to a large company, are bound to disrupt the wider economy.

So this week, the Department of Business, Innovation and Skills teamed up with the Government's electronic intelligence agency, GCHQ, to provide new guidance to business about defending themselves from cyber attacks.

National cyber security agencies, or CERTS, have issued guidance to businesses before. But GCHQ, through its information security arm CESG, is specifically targeting senior executives and boards.

The new advice will help companies identify their critical information assets and to understand the risks they face, at both a technical and financial level.

The agency will also issue an "Executive Companion" that will look at risk management and corporate governance, and a third briefing, covering 10 critical areas of cyber protection and prevention and deterrence of attacks.

The Government hopes the guidance will convince boards to take cybercrime and cyber threats more seriously, and will improve co-operation, both between Government and business, and between businesses themselves.

This makes sense, because when it comes to critical national infrastructure and economic assets, businesses and the public sector are interlinked: an attack on one sector is increasingly likely to damage the others.

Whether guidance from GCHQ or even a prospect of a friendly chat over tea and biscuits with the spooks will be enough to convince boards to act remains an open question. IT departments have been warning about the cyber attack risk for years, but not all boards take the threat seriously.

"The scale of the risk deserves to be managed at board level within companies, yet typically it isn't - or not at least until after a major attack has been discovered, when the cost of resolving the problem becomes much greater than it would have been had adequate protection measures been in place," warned Ed Savage, a security expert at PA Consulting.

"Taking proactive action is a better strategy than battening down the hatches and hoping to avoid it." But that, of course, means spending money.

Stephen Pritchard is a contributing editor at IT Pro

Featured Resources

The COO's pocket guide to enterprise-wide intelligent automation

Automating more cross-enterprise and expert work for a better value stream for customers

Free Download

Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space

Free Download

2021 Gartner critical capabilities for data integration tools

How to identify the right tool in support of your data management solutions

Free Download

Unified endpoint management solutions 2021-22

Analysing the UEM landscape

Free Download

Recommended

What is zero trust?
network security

What is zero trust?

14 Jul 2022
An analysis of the European cyber threat landscape
Whitepaper

An analysis of the European cyber threat landscape

8 Jul 2022
Protecting healthcare from cybercrime
Whitepaper

Protecting healthcare from cybercrime

25 May 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022

Most Popular

Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022