The WannaCry virus that attacked the NHS and multiple businesses worldwide in May has placed cyber security firmly in the spotlight.
Following the attack, much discussion has taken place as to whether it could have been prevented and what measures businesses should have implemented in order to guard against the effects of the virus.
Cyber security auditors have traditionally carried out assessments of cyber security systems, ensuring that the appropriate standards and requirements have been met. However, this exercise frequently just involves checking that a firewall is present, and that a plan is in place to back up a system regularly.
This technique may no longer be sufficient. The concern is that it focuses more on what type of equipment is being used than on how well the devices and processes are working, which is the major issue of cyber security. Moving forward, companies should create a cyber security policy, and prioritise it as a boardroom issue. In turn, auditors need to improve their performance in order to give senior leaders confidence in their cyber security assessment.
Finance is key
Financing cyber security is another important issue to consider. Finance directors are under increasing pressure to release funds to enhance an organisation’s cyber security, but finance departments are already stretched by currency trade volatility, as well as economic and political instability. To counter future attacks, security systems must be able to monitor activity on a continuous basis in order to detect unusual activity. Companies must also strengthen their information sharing partnerships, fostering links with other organisations to defend against attacks.