Cyber crimes are on the increase. How to put your business in the cyber security driving seat

Cyber security is an issue that nearly all businesses need to be aware of, but the latest research by leading technology industry analyst, Omdia , uncovered a worrying gap in the perception many businesses have of the risks. ?Omdia found that only 33% of businesses believe they will fall victim to a cyber attack. In contrast, 91% of security decision makers say they have dealt with a security incident in the last year. (Source: Fit for a Secure Future report, Vodafone Business/Omdia July 2023)

Global cyber-attacks rose by 7% in the first quarter of this year, according to research cited in a recent Forbes article Cybersecurity Trends & Statistics; More Sophisticated And Persistent Threats So Far In 2023 (5 May 2023). The same article also gave an estimate that 4 companies fall victim to ransomware every minute.

It’s not surprising that cyber security remains a top concern for many businesses. Large organisations have a dedicated CISO (chief information security officer) to manage security across the business. But for most small-to-medium sized enterprises (SMEs), even those with several thousand employees, the responsibility of looking after information security usually falls on the IT staff. Having to deal with the constant threat of cyber attacks on top of all their other operational duties can be a real challenge. Cyber criminals have caught on to this and are targeting smaller, often more vulnerable, firms.

I caught up with my colleague Declan Kenny , who leads a team of security specialists at Vodafone Business, to learn more about how we are helping SMEs take an holistic approach to protecting their business.

The cyber security market is a thriving one and there are endless products, services and partners to choose from. For an IT manager, it can be very confusing to pick out the security solutions they need. I was interested to hear about the way you work with our customers. How do you help customers to make the right decisions when it comes to safeguarding their business?

Declan: Because every business is different, we always start the conversation by finding out about their business and getting a good overview of their situation. A customer might call us with a specific product in mind, but in my experience, if we work in partnership with the customer, they can make a more informed decision to protect their businesses more effectively.

Can you give us an example of a typical discussion you would have with a customer?

Declan: Our security specialists have worked with hundreds of businesses. We typically spend around 90 minutes with a customer and it’s much more of a business discussion than a technical one.

Declan: We use a simple framework to guide the conversation, covering 6 related topics:

• Governance – what is the customer’s strategy on risk and security? What are their current IT security skills? Do they have defined security roles and documentation in place?
• Identification – we help the customer understand the main threats and vulnerabilities to their business.
• Protection – we discuss where they already have good security in place, and where there may be gaps or weaknesses and what actions the customer can take to improve the level of protection.
• Detection – what ongoing monitoring does the customer need to keep on top of new and evolving threats?
• Response – it isn’t possible to protect a business from 100% of the cyber threats out there as it is such a rapidly changing environment. Does the customer need to have plans in place in the event of an attack succeeding to detect the breach and reduce the impact on their business?
• Recovery – we discuss actions that can help to make the customer more resilient, so that they can recover more quickly in the event of an attack.

This sounds very comprehensive. Are there other considerations that customers need to be aware of to make the best cyber-security choices for their business?

Declan: An important consideration for the customer is finding a security partner that is right for them. For example, a customer may decide having local language support is important. Certain industry sectors have regulations such as data sovereignty, which would rule out working with partners who only have data centres in another country. ?At Vodafone, we work with a range of partners, from global consultants to local providers, and that makes it possible for our customers to find a partner that meets their needs.

What advice would you give to a business owner or head of IT who wants to keep their systems protected from the latest, as well as future, cyber threats?

Declan: First, get an idea of the impact on your business if you can’t operate. How much revenue would you lose per day of downtime? What is the cost of the harm to your brand reputation?

Next, taking a 360 degree approach, as I have outlined in the framework, will put you in the driving seat when it comes to deciding what protection and recovery solutions will meet your business’ needs. At Vodafone, we set up a workshop to guide our customer through the framework. It’s free and there is no sales pitch.

Finally, remember, there is no right or wrong answer because every business is different. Find a provider who is going to be a long-term partner. The threat landscape is changing all the time and so are your business’ priorities. Regular reviews with your cyber-security partner will keep your protection up to date and fit for purpose.

Put your business back in the cyber security driving seat, find out more at:

Vodafone Business | Global business solutions

All About Our Fit For The Future Advisory Service | Vodafone UK