Thursday, 1 October 2015
Balanced approach to Cyber Risk
They say that it is a recession when your neighbour get fired and a depression when you get fired. Similarly IP protection tends to be front of mind when an issue emerges for an individual or company.
This excellent article from Chris Blackhurst in the Evening Standard illustrates the problem very well.
For a variety of reasons such as resourcing issues in the Police and corporate entities not wanting to end up with liability in an area they don't really grasp as yet (and therefore not engaging with the problem) there is a perception that cyber crime is much more difficult to resolve than others.
At the corporate level standards such as ISO 27001 have emerged which contains guidance such as;
"Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk".
For a medium to large corporate with dedicated IT function this may be helpful but for an SME this guidance probably seems very circular in nature unless there is a pretty high degree of knowledge of the risks to start with.
Reactions to cyber risk from TV companies to one man bands vary from denial to dusting off the typewriter and carrier pigeon and banning the internet and mobile devices. Budgets are possibly squeezed from the legal and IT budgets to deal with an issue that simply did not really exist 10 years ago.
Neither denial nor dashing off to a log cabin makes a lot of sense when cyber risk can be reduced by taking pre-emptive action to ensure that the very obvious vulnerabilities have been addressed. The equivalent of leaving the car keys in the ignition with the doors unlocked.
To discuss this further please contact us at KLipcorp IP.