10 Jun SAP-enabled firms are failing to be cyber-scared.

Is it surprising that so far in the UK, many firms running SAP software are not particularly, if at all, concerned about the risk of a cyber-attack? Perhaps it is, perhaps it isn’t.

Many firms, for example in manufacturing, may neither hold especially valuable intellectual property (IP) nor deal in high-value products. Their staff turnover may be low, and their customer base and product listings are no secret. They may hold no credit card data in-house, so why should they be scared of a cyber-attack? What’s more, there is security in numbers: sure, they may be vulnerable, but why would a hacker single them out from thousands of other firms with a similarly lax info-sec profile? There is much validity to these arguments. Similarly, it can be difficult to justify a budget for information security when this spend may be regarded as ‘dead money’, or investment that will bear no visible return.

Explain that to the CIO and CFO when a DDoS attack has meant that you have lost 12 hours of prime-time e-commerce, and many of your customers are now lost customers. Or when the investor community has learned of your cyber-attack and has voted with its share portfolios.

No amount of money can provide a cast-iron guarantee against cyber-attacks. However, very small budgets (8 to 10 man-days) can significantly tighten the cyber-security stance of many firms. Much like the opportunistic car thief who tries door handles for easy pickings, cyber criminals look for low-hanging fruit. For the vast majority of firms, which are not in the high-security category (banks, MOD suppliers etc.), a basic cyber-security health check is all that is required to tighten up a company’s cyber-security hygiene and secure the majority of the attack surface.

Hindsight is a wonderful thing, but foresight can be far more prudent.