UK businesses should regularly review cyber controls as threat of attack continues to increase
As leading retailers become the latest victims of cyber-attacks, leading audit, tax and consulting firm RSM UK is advising businesses to review their cyber risk controls to ensure they are as robust as possible. Earlier this month the government launched its National Cyber Security Centre (NCSC) Cyber Governance Code of Practice, providing organisations with clear guidance and best practice on managing cyber risks.
Sheila Pancholi, technology risk partner, RSM UK said: “These recent attacks on retailers serve as a warning to all businesses to continuously assess and tighten up their cyber security measures. Organisations are accountable for effective governance, cyber controls, resilience, and importantly robust plans to respond effectively to cyber incidents. The first line of defence against cyberattacks is often employees, so it’s important to also ensure staff are regularly trained and educated on cyber risks and how to spot attempts to access systems via increasingly sophisticated phishing emails (e.g. ClickFix Phish), or links to bogus websites.
“We welcome the government’s recent Code of Practice which supports businesses in governing their cyber risks to enhance operational resilience. With increasing geo-political tensions and highly sophisticated cyber criminals now operating on an industrial scale, motivated by financial gain and destabilisation, the threat landscape will only increase, with broader targeting across industries. This raises a question of whether the current voluntary code goes far enough?
“The Cyber Governance Code of Practice states that half (50%) of businesses and two thirds (66%) of high-income charities experienced some form of cyber security breach or attack in the last 12 months, with the prevalence of attacks being even higher amongst medium businesses (70%) and large businesses (74%)*. This serves as a stark reminder that there’s more to be done to improve cyber resilience and keep pace with new emerging threats.”