James Thew - Fotolia
The timing of Security Serious week could not have been more timely with the decision to spend five days focusing on the issue kicking off against a background of the TalkTalk attack.
Most people will have woken up this morning to discover that TalkTalk has spent most of the night fending off a major cyber attack designed to get access to its sensitive data.
That attack, which could have gained access to customer data, is part of a growing trend where criminals demand ransoms from firms to prevent further problems.
Against that background the first Security Serious week kicks off on Monday and runs for five days encouraging more firms to pay more attention to the subject.
The campaign has got the backing of a range of firms in the tech world, including HP Security Voltage and Canon UK as well as banks and large FTSE 100 players like GSK and Unilever.
During next week the focus will be on encouraging firms to think about security and share best practice to improve their ability to defend their information.
“New Quocirca research, not yet published, shows that the majority of UK-based organisations accept targeted attacks are inevitable and that some will be successful,” said Bob Tarzey, industry analyst at Quocirca.
“Those that have taken this fact on board are the best prepared both to reduce the likelihood of successful attacks, minimise their impact when they do happen and to cope with the aftermath of those that succeed. For example, having a breach response plan can significantly reduce the final cost of a successful attack,” he added.
Brian Brackenborough, CISO for Channel 4, said that everyone had to think about cyber security.
“Security is everyone’s responsibility, educating the end user is the most important thing you will ever do,” he added “Here at Channel 4 we use a wide range of tools and technologies to provide the staff with a safe environment in which to work, but nothing beats speaking to them face to face.”
Events like the Talk Talk attack act as timely reminders of the need for staff throughout a business to think about what they are doing to protect data.
Jonathan Armstrong, partner at law firm Cordery, which specialises in cyber security, said that education was still needed.
“We need to educate our employees on security risks and how to prevent them – because the law demands it but also because that’s simple business sense too. We need to teach new threats not old and we need to do that in a way that employees understand the risks and what to do to reduce them,” he said.