CISOs – are you feeling under attack? Possibly not by stormtroopers, but it's definitely a cyber war.
Let’s guess where you are. You’ve got the systems and processes in place. You keep staff on the ball with training and mock phishing campaigns. And you’ve even done some work around your supply chain: your partners have ISO 27001 or at least Cyber Essentials before they get close to your data. What’s left?
Let’s be honest, it’s largely the people stuff, and those from outside in particular. 74% of all breaches involved the human element, according to Verizon’s annual Data Breach Investigations Report. The ones external to your organisation, who you have less influence over, are particularly difficult. You’ve probably already identified them as a major risk.
Within your ecosystem, you’ll deal with a host of low-risk suppliers. They bring in the sandwiches, repair the scuffs on the skirting, and do occasional photography. Somewhere in your procurement team, there are probably even targets to support ever smaller and more local businesses, because you’re socially responsible and you want to support your communities.
If only these people weren’t so darned risky. They’re sending invoices in. They have details of your staff, and maybe your customers. And when their emails arrive, they’re opened. Let’s hope the contents are genuine.
Although none of us was taught about cybersecurity at school, you know as a CISO that some simple things make an enormous difference. Have you told all of your suppliers about 2FA? Because lots of them don’t use it. Do they understand that threats come via mobiles, and that using business systems on a home computer isn’t a great look? Possibly not. But we can help you, and educate them.
The Cyber Resilience Centre for the South West is funded by the Home Office to support smaller businesses and charities, for free. We provide them with NCSC guidance and a simple 12-week programme to walk them through cyber basics. We’ll get them onto a call if they’re struggling, and every month we’ll send them details of the latest threats, so that they understand about credential theft, TOADs and the dangers of .zip sites. And as time passes, we’ll nudge them gently towards the benefits of Cyber Essentials, and demystify topics like website security with our regular webinars.
So how do you get us on board? Just ask. We’ll even phrase the email for you to send them, if you like. If you point new and existing suppliers in our direction, we can support them all, at no cost to them, or to you. And because we’re Home Office funded, police-led and not-for-profit, we will never look at our members as an income source. We don’t need to.
So please, consider dropping us a line, and we’ll see what we can do to help. It could be the easiest risk reduction strategy you implement this year.