BDO: Is it time to stress test your cyber strategy?
14:48 02 February 2017
One of Chancellor Philip Hammond’s first major announcements was the launch of the updated National Cyber Security Strategy – setting out “the government’s plan to make Britain secure and resilient in cyberspace” up to 2021.
While an update of its strategy was welcome, the government could have given more support to businesses.
The strategy document includes no specific ‘guiding principle’ that points to the need for boards to have a comprehensive understanding of their data landscape and know precisely where each version of their company’s ‘crown jewels’ resides across the IT environment. This approach is fundamental if organisations want to minimise the opportunity for cyber-criminals to steal any version of the sensitive datasets or IP.
Businesses that haven’t mapped their data landscape accurately will find it is increasingly difficult to determine whether the countermeasures they have put in place are appropriate and proportionate to the risks they face (for example, are all versions held and transmitted securely?).
Although most organisations know what their ‘crown jewels’ are, they need guidance and support to help them discover every version of the sensitive datasets that resides across their IT environment: copies may exist in many databases, in shared storage, on mobile devices, in backup and disaster recovery environments, in web and cloud environments, on laptops/PCs, or in sensitive data shared with third parties or stakeholders.
All boards need to demonstrate leadership and place cyber security alongside the financial wellbeing and growth targets of the business. Equally, they need access to the deeper skills and insights available, so that they have the tools required to meet this growing challenge.
The strategy outlines the need to develop our skills and capabilities for the future. Boards need to facilitate the change required.
A good new year’s resolution for 2017 is to commission ‘stress tests’ of the arrangements your business has in place and use the results to improve your own cyber strategy. At BDO we recommend taking steps now to ensure you have a robust strategy in place and would advise seeking guidance from your usual business adviser.