Why is it becoming so vital to equip your staff with the training and knowledge to be more cyber aware and ultimately cyber-resilient?
At the end of 2017, the National Cyber Security Centre (NCSC), an offshoot of GCHQ, revealed that the ‘WannaCry’ hack – which knocked out thousands of NHS computers in May 2017 and forced vital operations to be cancelled – was the work of North Korea.
In addition, in mid-February 2018, Defence Secretary Gavin Williamson blamed Russia for June 2017’s ‘NotPetya’ hack, which disabled computers in Ukraine before spreading across Europe, costing businesses £1.2 billion.
But these cyber-attacks are not just global battles between 'state-sponsored spooks', which happen to be calamitous for critical national infrastructure.
Clearly, the economic impact on a state like the UK and its commercial ecosystem can be catastrophic. For example, in 2010, the ‘Stuxnet’ attack, reportedly by Israel, crippled Iran’s nuclear programme by destroying the sensitive centrifuges it used to enrich uranium. In 2012, a single employee clicking on an internet link triggered the collapse of Saudi oil giant Aramco’s entire IT network. The attack, blamed on Iran, wiped data from 35,000 computers, forcing the firm to revert to typewriters and faxes for five months. In December 2016, the Russian ‘Crash Override’ hack cut power to 100,000 Ukrainian homes.
What is becoming more overt is the threat to economic wellbeing, at an enterprise level for companies as well as individuals. As David Rose reported in the Mail on Sunday, North Korea – which allegedly has a special department devoted to raising money through organized crime – was accused of the £380 million digital theft from Japan’s Coincheck crypto-currency exchange, arguably the largest in history.
Consequently – and as General Sir Nick Carter, Chief of the General Staff warned – cyber warfare can be waged not only on the battlefield, but also to disrupt normal people’s lives.
Clearly, cyber is not just for 'Spooks'.
So, what can we do to address the business and personal risks? What mitigations can we put in place to protect the companies that provide our livelihoods and secure our own personal wealth and assets?
The RESILIA® suite, developed by AXELOS Global Best Practice, is part of that commercial armoury. For example, RESILIA Professional enables you to understand how you can contribute to effective cyber resilience using your organization’s existing processes and standards. For those responsible for commercial IT and compliance, RESILIA Professional certification will help the organization or enterprise to:
- Design and deliver cyber resilient strategies and services in line with business needs
- Integrate cyber resilience into existing systems and processes
- Establish a common language for cyber resilience across the organization
- Minimize the damage from a security breach and enable speedy response and recovery.
And for the individual who needs to avoid social engineering pitfalls and falling for the ruses that brought Aramco to its knees, the AXELOS blog post ‘cyber-resilience-all-about-behaviours’, written by Nick Wilding, General Manager, Cyber Resilience or RESILIA Frontline, a GCHQ Certified Training (GCT) provider of cyber security awareness training for all staff, is worth serious consideration. Organizations are increasingly becoming aware that in providing regular and ongoing training, their people can become their greatest defence against cyber attacks.
State-sponsored cyber attacks or organized cyber-crime may appear to be played out by national agents on a global stage. But the responsibility for cyber security goes beyond your organization’s usual suspects in the IT team. We all need the right skills, training and behaviours to minimize the cyber-crime threats we face daily.
About the author
John Tibble is a Director in Capita Transformation's Secure Government market team.
He believes successful transformation unleashes energy, creates exhilaration and offers unexpected new leadership opportunities. He think the risks of a digital lifestyle can be mitigated by creative awareness raising and sensible precautions; and that these are simple investments to make to enhancing consumer insights and developing citizen rights and responsibilities.
More AXELOS Blog Posts from John Tibble
Austerity, convergence and leadership deficit – transformational change trends for 2018
Why people are at the heart of your cyber security
5 Change Mistakes a Good Programme Manager Won’t Make