It would be hard to be unaware of the recent hacking scandal which hit the NHS and other organisations across Europe last Friday. It’s not often a news story grips the nation quite like this one, and we are very conscious that the knock-on effects were devastating for some people – so our thoughts go out to everyone who was impacted, in terms of cancelled treatment or limited access to emergency services.
This incident clearly highlighted that cyber-crime is a very real threat for all types of organisation, whether public or private sector - so if you ever thought that some kind of major incident was unlikely to affect your business, now is most definitely the time to think again. What was particularly worrying was the fact that the ‘fix’ – albeit potentially short term – was almost accidental, and discovered by someone totally unrelated to the IT departments of the businesses which were affected. Which begs the question – why was that type of expertise not available in house, ready to leap into action the minute something untoward was detected?
It’s very easy to point the finger in retrospect – ‘bolting stable doors’ and other similar analogies spring to mind. But that doesn’t mean you shouldn’t act on the experience, and take a long hard look at your own capability to deal with a similar crisis, whatever the size of your organisation. The reality is that these hackers are getting smarter all the time, and while it’s nice to think that your own IT security is up to scratch, the reality may be quite different. Not every IT expert is a cyber security expert – and those same IT specialists may be less than willing to admit that their lack of knowledge in this department could leave your business vulnerable.
So what should you do? Two options really – take on the services of a specialist external organisation or bring that knowledge in house as soon as possible, whether on an employee basis or in the form of an expert contractor. Of course, we’re in the recruitment industry, and we place both permanent and contract staff, so it’s not hard to guess that we’ll be recommending you bring the expertise in house.
But there are good solid business reasons for this approach. Not least of which is that external services are eye-wateringly expensive, but more than that, they will probably rack up a huge bill just taking the time to fully understand your existing systems. Followed almost certainly by the recommendation of a raft of new software security products which you can’t be entirely sure are either necessary, or the best options – given the company in question will of course be a reseller of said products.
This might sound a bit overly-suspicious, but in our minds, no-one has your best interests at heart as much as someone who works within your business full time, and can determine what you need from the inside out. Someone who brings specialist skills from other positions or contracts, very possibly those exact types of organisations which we’ve just described. A highly skilled cyber-security expert is worth their weight in gold, not only because they fully understand your systems and can implement the best possible defence mechanisms, but also because - should the worst still happen - they will be able to hit the ground running when it comes to a fix.
At g2 Recruitment, we specialise in helping organisations to identify the right expertise for their business – covering both permanent employees and contract-based resource, depending on your specific requirements. Many organisations find a contractor more suitable as they provide more flexibility, without the commitment of a permanent employment arrangement, yet still have all of the skills and experience they need.
When it comes to cyber security that ‘expertise’ can mean everything from compliance, information assurance and network security, through to digital forensics, penetration testing and ISO27001 expertise. So whether you need a single individual for a set period of time, an entire team of permanent specialists, or anything in between - we can help you get your ducks in a row. Ready to handle any attacks that might come your way in the future.
This may all sound a bit like scaremongering, and just a little bit opportunistic on our part, given recent events. But we do passionately believe that any organisation which relies on their IT systems – and show us one that doesn’t these days – has a responsibility to protect those systems, and the data they hold, to the best of their ability.
Going back to the most recent incident, the finger-pointing has already begun, and the general consensus seems to be that the NHS in particular was unprepared for an attack of this type because its systems were out of date and not properly protected. So the whole concept of cyber security actually starts with the basics of getting your systems up to date in the first place.
In a recent interview, Microsoft President Brad Smith told journalists that all organisations should ‘treat this attack as a wake-up call’ and we 100% agree with that approach. Anyone who wasn’t affected has been lucky this time, but ignoring the warning signs could now be considered criminally negligent. These types of attacks are very real, and can be devastating for both private and public sector organisations, so now is the time to get your house in order. And that starts with having the right expertise on board.
We’ll leave you with these findings from a KPMG/BT survey carried out just a few months ago. The published report showed that 75% of senior managers discuss cyber security in quarterly board meetings, yet just 22% said they were ‘fully prepared’ to deal with an attack. Meanwhile, 46% blamed legacy IT systems as their biggest weakness, yet 45% said they didn’t have the right staff in house to deal with any of this.
Need we say more?