Following several high-profile data breaches and large-scale DDoS attacks last year, cyber security remains very much in the spotlight in 2017. Just a few weeks ago Lloyds Banking Group suffered a two-day DDoS attack that affected the accessibility of 20 million customer accounts. While nothing was stolen, the fact remains that the attackers tried to stop people accessing their accounts, disrupting operations and having a severe impact on customer trust.
The consequences of attacks are far-reaching — from loss of revenue and reputation, to decreased customer trust and potential fines or legal action.
So while we’re all aware of the threat of cyber attacks and potential outcomes, what are businesses actually doing about it?
As a hybrid cloud provider Pulsant is taking the issue of cyber security very seriously. In addition to securing our own infrastructure and that of our customers, we’ve taken things a step further by adding services to our cyber security portfolio.
We are licensed to certify for both the government-backed Cyber Essentials Scheme and the IASME Gold Standard. What this means, as a certifying body, is that we can work with our customers to assess their cyber security and help them achieve Cyber Essentials certification. The scheme's five basic controls are estimated to address around 80% of common, internet-originating attacks, and they provide the platform from which to take care of the remaining 20%.
But there is also more to consider; going back to the consequences of attacks, with the new EU General Data Protection Regulation (GDPR) coming into force in May 2018, there is even more at stake. One of the key elements of the GDPR is that organisations, large or small, that fail to protect personal data and suffer a breach can face significant fines: up to €20m or 4% of annual global turnover, whichever is higher.
To put this into context, TalkTalk was the victim of a massive breach in 2015 in which 175,000 customer records were stolen. The company was fined £400,000 in 2016, close to the £500,000 maximum the Information Commissioner's Office can impose under the current Data Protection Act. Had the same attack occurred in 2018 under GDPR, with the cap rising to €20m or 4% of annual global turnover, the fine could have been orders of magnitude larger.
And again, the question becomes: what are businesses doing about the cyber threat?
IASME has just released a new question set for Cyber Essentials, as well as for the IASME standard. In a nutshell, the IASME standard is directly aligned to ISO 27001, making it the ideal step in any compliance journey that has ISO 27001 certification as a goal.
The standard now also includes questions that target GDPR. In March these questions will become mandatory within the IASME standard, making the certification even stronger.
Reassuringly, IASME is the first assessment body to recognise the importance of GDPR by including it in its standard and it is something that we are already working with our customers on.
2018 may seem distant, but given the seriousness of the GDPR and the consequences of not meeting its requirements, there is no time to waste in tackling these issues and bringing business operations in line with the regulation.
If you’d like more information on Cyber Essentials or IASME, please get in touch with us today.