As a result, a lot of ransomware attacks target the middleman, being smaller companies in the supply chain. In response to this, I believe there is an onus on big companies to push capabilities such as security technologies, best practices and training back down the supply chain. The only way we are truly going to be able to tackle the biggest cyber threats is through joined-up thinking and shared intelligence – just as we do with national intelligence. Not just sharing information between individual Commercial organisations but between our Allied Intelligence, Defence, Military and Commerce. Larger companies could and should be able to afford to subsidise at least some of the adoption of critical technologies in their supply chain. There are some isolated examples of this happening, in the banking industry, for example, where corporates insist on their supply chain adopting certain technologies and processes, or subsidise it themselves.
Another interesting area is insurers, who have been tiptoeing around cyber for some time now. Even as recently as a few years ago the information collected and the calculations on risk for cyber insurance were simply not fit for purpose. We have a situation where small firms are taking on cyber insurance, but this simply doesn’t line up with the threats they could face and the potential damage to their organisation. So, SMEs and Insurers can massively underestimate the protection given and received. Ransomware has proven this, which has turned into a multi-billion-dollar industry for the hacker. The chances of being caught are low and even fines or imprisonment are not much more than a slap on the wrist compared to trafficking drugs, as an example.
This comes down to standards in our industry, but it takes so long to effect meaningful change that technology moves far faster than standards can. By the time a standard or set of policies is agreed and enforced, often the issue has moved on and been replaced by other issues. Such is the exponential pace of technology and hackers.
Q. WHAT ARE THE PITFALLS FOR LARGE ORGANISATIONS?
» We see consultants from the large Consultancy firms come in, write processes and reports to follow from mainly young and inexperienced staff or interns. Naturally they’re very good at writing procedures, but alongside this they cement themselves within those processes so much that it is impossible for the large organisation to operate without them and therefore to be agile. They’re
cybermagazine.com