It has long been said that there are two certainties in life – “death” and “taxes”. However, in our increasingly sophisticated and connected world, is a “cyber attack” becoming the third certainty? Recent high profile attacks on established household names along with the UK Government's recent announcement would suggest that it is possibly true.
Of course, as with the two “established” certainties, it’s not quite that simple. Arguably it matters more what you do in readiness and as a result of these so called certainties – be it financial planning, getting things in order, focusing on the things that really matter and having a plan should the worst happen. Third certainty or not, these principles apply equally well in the case of cyber attacks. It is very easy to take the attitude “well it’s going to happen anyway” which can lead very quickly to “why bother” which, if followed through to the inevitable conclusion, underestimates the value of good preparation and the importance of impact mitigation in the worst case scenario.
Understanding the dynamics of what we can control and what we can’t plays a vital role in determining focus areas for cybersecurity. Even if the extreme case is accepted, and cyber attacks are the third certainty of life, there are still things that are within the control of organisations such as putting the basics in place (e.g. patching, system updates, anti-malware), understanding current exposure though a Risk Insight and prioritising budgets accordingly, adopting the right Enterprise Security Architecture to suit their business needs, and putting into place an incident response plan to quickly close and recover from any successful cyber attack.
Third certainty or not, another old saying “failing to plan is planning to fail” might apply if organisations do not take the necessary steps to safeguard their assets against cyber attacks and the consequences could be very costly.
Tesco Bank says it has refunded £2.5m to 9,000 customers who had money taken in an attack on their accounts.The number given for the current account customers hit by the fraud is fewer than half of the 20,000 initially reported to have been affected.Personal data "was not compromised" in the attack, and all accounts affected had been refunded, the bank said.Tesco Bank has said it was hit by "a systematic, sophisticated attack" at the weekend.