
Kaspersky says assault on customer data is inevitable


Kaspersky believes collaboration among vendors and a commitment to educating staff are critical if businesses are to safeguard their data. 

The Russian security giant presented new research at an event in London attended by TechRadar Pro, revealing insight into the impact of what it calls cyber complacency (i.e. the unwillingness of businesses to act on the threat posed by cyberattacks).

Surveying businesses across the UK, Kaspersky found nearly two-thirds (65 percent) of IT professionals conceded their organisation is complacent about protecting customer data, highlighting an obvious issue.

Kaspersky believes this attitude is motivated by a dangerous cocktail of factors, including resourcing, budget and a skills gap.

Most alarming, though, is a willingness to push cybersecurity to the bottom of the agenda, in the hope an incident might never occur. In other words, businesses are basing their approach to security on the old adage ‘let’s cross that bridge when we come to it’.

Awareness of the dangers is clearly not the issue, as more than two thirds (69 percent) of businesses are concerned a breach would directly result in loss of custom. But irrespective of that fact, over half of UK organisations don’t have a cybersecurity policy in place, a figure that rises to a whopping 71 percent among medium-sized businesses.

“There’s greater awareness than there ever was before, within organisations and among the general public,” said David Emm, Kaspersky’s Principal Security Researcher. “But awareness doesn’t necessarily translate into businesses taking the appropriate action.”

Kaspersky’s job, then, is to find a way to remedy the discrepancy between awareness and action.

Back to school

Over the course of the discussion, Kaspersky, along with partners OGL and techUK, returned again and again to one topic: the critical importance of workforce education. Cybersecurity, the consensus had it, is primarily a human problem as opposed to a technical one.

Human error is at the heart of the cybersecurity equation, responsible for the vast majority of incidents. It could be as simple as an employee writing their credentials on a post-it note, or using an insecure application to view or exchange data. These scenarios are a consequence of a lack of understanding, both of the potential impact of a breach and proper data handling and security procedures.

Statistically speaking, employees are a liability when it comes to security, but this narrative appears to be changing within the security community. 

“The National Cybersecurity Centre has started to shift its language,” said Talal Rajab, Head of Cyber and National Security at techUK. “It’s no longer talking about people as the weakest link, but as the strongest. If you encourage good practice and train your staff, they can become the greatest barrier to attack.”

Whether a company has the least or most advanced technology in place, process and culture dictate the strength of a business's cybersecurity posture. A deep understanding among the rank and file of the variety of threats and the impact of a breach lays the foundation, which is built upon by technology - not the other way around.


Another important factor in countering cyberthreats is a willingness among the cybersecurity community to work together. After all, no vendor can boast complete oversight of the cybersecurity landscape. It follows that combining expertise is the only way to ensure businesses are supplied with the best protection. 

“The [cybercriminal community] is sharing information all the time in the dark corners of the web. We’re working with one hand tied behind our back if we’re not working collaboratively,” according to Rajab.

There is, of course, friction between the desperate need for collaboration between vendors and the need for each of them to turn a profit. “When you enter the realm of IP and proprietary tech, [collaboration] becomes a whole lot harder,” notes Emm.

The industry has to strike a balance between commercial gain and ensuring research and development keeps pace with the rapid evolution of the threat landscape.

Ultimately, as Emm puts it, “you can’t make your home an impenetrable fortress, but you can raise the bar to a level that will prevent the majority of disasters.”

Raising the bar to this level requires an unwavering commitment to education within businesses, and an openness to collaboration among security bodies and vendors.