What the surveys say
Results of surveys carried out early this year by the Government Department for Digital, Culture, Media, and Sport reveal that a large proportion of UK businesses are extremely vulnerable to cyberattack.
The Cyber Security Breaches survey and the Cyber Security skills in the UK labour market survey present some chilling statistics – although, on a positive note, figures show a vast improvement to cybersecurity since the Department’s previous surveys, conducted 12 months before.
In those 12 months, 46% of businesses experienced cyberattacks or cybersecurity breaches, and for 32% of those businesses, these events occurred at least once a week. The estimated average cost of each cybersecurity breach was around £3,230.
Probably the most alarming statistic in this report is the proportion of businesses whose senior management board don’t make cybersecurity a high priority. This figure is 20%.
During the covid-19 pandemic, when thousands of employees have been working from home, cybersecurity has become more of an issue. From various other surveys we see that many home-workers are using corporate Zoom accounts for socialising, and using work devices to access streaming services. Some people admitted to giving their passwords to family members.
With so many people working remotely, the work/home distinction is fading. Work takes on some home attitudes, and work devices take on some home functions. Lines are being crossed, and the lines themselves are fading.
Identity and Access Management
So, what can we do about it?
The development of cybersecurity technology is galloping along. To match the rising rate of cyberattack and the growing catalogue of criminal activity, cybersecurity systems are becoming more sophisticated and robust. Ideally suited to the present work-at-home situation, is the Identity and Access Management system (IAM).
An IAM system not only verifies the identity of users in order to allow access, but also regulates each user’s access to specific resources and applications within the IT system it protects. Level of access is usually based on the user’s role in the company. This set-up is known as role-based access control (RBAC).
The best IAM systems will include the Single Sign-On (SSO) facility, which enables users to access all permitted resources, using the same login for all of them. Once a user has been authenticated by the SSO solution, verification data is passed along, with the user, to each new site or application within the company’s IAM system.
With SSO, productivity is increased through saved time, and security is strengthened due to the stringent multi-factor authentication.