From Sony to Virgin Media, to say that cyberattacks are a hot topic in the media at present would be one of the great understatements of the year.
Alan Calder, chief executive of IT Governance, says: “When you look at the current spate of cyberattacks – many successful – you can’t help but feel there are a lot of organisations which simply don’t care very much about protecting their customers’ personal data. Such complacency is morally inexcusable and often either illegal or a breach of a commercial contract, such as failing to meet the requirements of the global Payment Card Industry Data Security Standard (PCI DSS).
“Why on earth are organisations risking millions of pounds – and brand reputation that might literally threaten the existence of the company – with inadequate information security? Penetration testing on the vulnerability of a website to cyberattack can cost as little as £2,000.
“Furthermore, here in the UK, we too often see a cavalier attitude toward the Data Protection Act (DPA). Already this month the Information Commissioner’s Office has issued Surrey County Council with a £120,000 penalty after e-mails containing sensitive information were sent to the wrong recipients on three separate occasions by staff members.
“Incident after incident indicates one of the weakest links in DPA compliance is staff. Organisations need to implement better, consistent and systematic training.”
Calder is a leading author on information security and IT governance issues. He is an authority on ISO27001 (formerly BS7799), the international security standard, about which he has co-written (with Steve Watkins) the definitive compliance guide, ‘IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO27002’.