Companies need to put more emphasis on improving their reactions to cyber attacks rather than continuing to focus on prevention, says AXELOS CEO Peter Hepworth.
“What our research and listening to corporations has found is intelligent organisations have moved beyond thinking it will never happen to them," he says. "They know they’re being attacked – what they want to know is how to recover when they are attacked.”
AXELOS was set up in July 2013 as a joint venture between business process outsourcing firm Capita and the UK government to provide process and project management methodologies.
In preparation, AXELOS has formed a team of senior business executives and experts to provide a board-level understanding of what helps companies bounce back from attacks.
Although there are a number of standards and best practices in place to prevent cyber attacks, firms are still falling foul, says Hepworth, and this is usually due to the internal attitude and people, rather than technology.
“What we’re looking to respond to is not what you should do, but how you should do it. Everyone has a role to play in how you should sensitise your staff,” he says.
The aim of AXELOS’ new guidance is to avoid the common problem of many departments saying cyber resilience is just up to the security team. “It’s everyone’s job,” says Hepworth.
The technology aspect of cyber security is increasingly well addressed, he says, but training people to take on responsibility for their own actions is not.
“By basing our cyber resilience guidance around the process-based approach of ITIL, you know which are your key information assets and you understand your business," says Hepworth. "This is the first place to start as far as understanding your risk is concerned.”
Public sector roots, global reach
Read more about cyber security
- The civil service is recruiting 50 Tech Industry Gold cyber security apprentices in England and Wales
- Security professionals have warned businesses not to rely on cyber insurance in the face of increased cyber attacks
- In his State of the Union address, US president Barack Obama has pledged to urge Congress to pass a raft of legislation aimed improving US cyber security
AXELOS, which is 51% owned by Capita and 49% owned by the Cabinet Office, was originally produced by the civil service to make organisations work effectively on various projects, including those concerning IT service management.
Launched in 2014, the organisation is independent, allowing the user community to focus more on the content of frameworks and guidance without much interference.The firm puts a heavy focus on the guidance given, ensuring the content is fuelled by good ideas to keep the ITIL structure up to date.
But while the business has a combination of access to one of Britain’s largest corporations and the UK government, more than 75% of publication sales and Prince2 certification is sold outside of the UK, a trend that is growing faster due to emerging markets.
“That part of our business is actually growing faster, and it’s emerging markets – China and various other markets – that are expanding fast and looking to adopt," says Hepworth. "They’re looking for best practice and what has worked for the UK.”
Startups and culture
AXELOS has just moved offices following rapid growth in the past year, but due to its agile and creative nature it still considers itself a startup.
We’re making fast changes and we’re flipping things upside down if that’s what needs to happen
Peter Hepworth, AXELOS
“The point about startup here is the pace of change,” says Hepworth. “We’re thinking differently and we’re making fast changes if that’s what needs to happen. So that’s a good challenge.”
During Tech City UK’s Open Co 2014, Spotify head of labs Gary Liu told Computer Weekly the elements of a startup are having the right internal culture and the right people.
“It’s a mindset,” he said. “It’s the people you have and the desire to change.”
Axelos has grown from four to just under 100 people in a year and has held vacancies throughout that time to ensure the right people are eventually hired.
“The personal values are passion, initiative and communication. That’s the type of people we’re recruiting,” concludes Hepworth.