MT EXPERT: 5 questions you should ask your data security team

Cyber threats are scarier than ever before, says former GCHQ data boss Andrew France. Now is the time for businesses to quiz those in charge of warding off cyber threats.

by Andrew France
Last Updated: 24 Feb 2016

The ousting of Target’s CEO and the fact Morrisons’ CEO had to give up his bonus following recent massive data breaches show just how quickly a company’s reputation—and that of its senior leadership—can be overwhelmed by an attack on its network. With hacking becoming increasingly sophisticated and frequent, we can expect more scrutiny from regulators, shareholders, analysts and the public on what management teams are doing to protect their most valuable information.

As data security moves up the boardroom agenda, Andrew France, chief executive of cyber defence firm Darktrace, explains the top five questions business leaders need to consider to stay prepared.

1. How do you identify your biggest risks?

Risk assessment is a part of day-to-day business today—but how is this done, and how has your risk management strategy changed in response to today’s more advanced, tech-savvy hackers? A strong governance structure is important to supporting and enforcing this strategy.

2. What are the top 3 threats to the organisation right now, and what are you doing to curb them?

It’s great to have analytics tools that tell you about data breaches. But, when these are producing hundreds of alerts every week, it’s not possible to address them all in a meaningful way. Prioritise to ensure you focus on the most deceptive threats, rather than getting caught up dealing with swathes of minor breaches and false positives. If your team cannot tell you what the top three threats are at any one time, there is a problem.

3. What is your insider threat strategy?

Every employee carries risk, whether they have malicious intent or not. Insider threats can come from a competent user who deliberately misuses their access privileges or one who inadvertently falls victim to a phishing attack. Remember: it’s not just employees that are insiders, but people all along the business supply chain. How effective—really—is your home and mobile working policy? Have you got a clear approach for managing this internal risk?

4. Is the corporate network secure?

Trick question: if the answer you get from your IT department is ‘yes’, you have a problem. Today’s networks are far too complex, porous and interconnected to be able to secure them entirely. While strengthening the network as much as possible is important, companies need to start working on the basis that they will be hacked. They need to adopt strategies that allow them to quickly identify and counter ongoing risk.

5. Do you have the right kind of cyber defence technology within the network?

Networks are far too porous to rely on security around the outside—93% of large UK corporations have been infiltrated. Advanced threats are capable of getting round even the strongest security protocols, changing their methodologies during the attack mission to reach their goal. But all is not lost: next-generation technologies can use machine learning and the most cutting-edge mathematics to adapt to evolving threats in real time. When combined with operational and intelligence expertise, this dramatically improves a company’s ability to act on emerging threats in an efficient and pragmatic way.

- Andrew France, a former deputy director for cyber defence operations at GCHQ, is CEO of data security firm Darktrace.
