Businesses '˜too often focused' on frontline services to protect from cyber attacks

Businesses are often too focused on delivering frontline services to ensure they have adequate protection against attacks from cyber criminals, a leading digital security has claimed.

Action Fraud are warning people to beware of ransomware attacks.

Martin Tyley, partner and Yorkshire cybersecurity lead at professional services giant KPMG, told The Yorkshire Post that while there was a growing awareness of the threats posed by online hackers, the public sector was still “playing catch-up” on the issue which he said can cause massive and indiscriminate harm to organisations.

Speaking just a few weeks after the NHS was targeted by hackers in a ransomware attack, Mr Tyley said: “There were some organisations previously who would say ‘why would we be a target?’.

Sign up to our Business newsletter

Sign up to our Business newsletter

“What we have seen with ransomware is that if you have a certain version of software, indiscriminately you will be hit.

“That is very hard for organisations to get their head around.

“Our culture is a mantra of talking about frontline services. The conversations will be ‘do we invest in technology or can we employ more nurses or beds’.

“In a retailer is it do I invest in patching or more cashiers on checkouts.”

Mr Tyley said too many company heads had a thought process along the lines of “until it goes wrong it is not hurting me”.

Ransomware was used in the cyber attack.

He added that cybersecurity should be among the central priorities of organisations and have senior personnel dedicated to the matter.

“Large swathes of the public sector are switched on to this but they are playing catch-up,” he said.

“I wouldn’t say I see negligence but there are certainly some organisations who deems themselves to be a low threat.

“And therefore it sits lower in the organisation. If I am at a bank, the chief information security officer would report to someone on the exec or at least have one link away.

Cyber chaos

“I still have some clients who have it two steps down from the head of IT who in turn is two rungs down from the exec.

“If you are in the situation I would argue you are not taking it as seriously as you should.

“Those where you are around intellectual property, interestingly probably do less.

“If intellectual property is taken it is less visceral, it is less real. It is only further down the line when you are analysing and something has leaked that you realise suddenly.”

cont on pg 3

Ransomware was used in the cyber attack.
Cyber chaos