
The Security Iceberg That Could Sink Your Company

The cost of security

One of the oft-cited objections to putting an effective information security management system (such as the one defined in the ISO27001 standard) in place is cost. The people cost money, the tools cost money, the internal and external auditors cost money, and as for management time, well, time is money after all. And the benefits of security are often hard to define, mainly because you don’t know how big a risk you are running by not having any in the first place.

Yes, there are reports and surveys that claim to show the true scale of the problem of cyber-crime but, well, they’re written by people who want to sell you their products, aren’t they, so can you really trust them? The answer is probably no, but that doesn’t mean they’re wrong.

Let me explain…

The Hidden Cyber-Crime

Let’s think for a minute about the whole area of cyber-crime.

You have some assets in your company which are stored on one or more computers. These assets are worth a lot to you – they could be customer records, product secrets, HR information, financial data, etc., and without them you would have a serious problem running your business. Not only that, but the assets may include some things that you don’t want anyone else to know; the information could be useful to a competitor, or it could be stuff that would be embarrassing if it leaked on the Internet and became public knowledge.

Now let’s add to this picture the fact that most hacks nowadays don’t advertise their presence; gone are the days when a skull would flash up on screen saying “you’ve been hacked!”. No, if you have been hacked, it’s likely that you don’t know it. The first you might know of it is when the hacker uses the information they have stolen for a purpose such as extortion or embarrassment.

Let’s say you get lucky and you find out that someone has accessed your systems illegally. Would you know what they have taken? Possibly not, and you may have to assume the worst case. Can you track them down and get them arrested? Well, even if you were to prioritise forensic examination over fixing the problem as quickly as possible, the chances of the trail leading to the right person are, quite frankly, remote.

So no justice there.

The iceberg

Then there’s the question of whether you tell anyone. This is where reputation comes in. The harsh truth about the consequences of a loss of reputation after a successful hack (or even an unsuccessful one) is that it will probably sink you. Think about how you would react if you found out that a company you dealt with had lost your data; you would probably look elsewhere to meet your needs, particularly if similar suppliers are plentiful and competition is fierce.

A company that suffers such a public breach might survive if they are big enough and have sufficient reserves…just. But how many smaller companies would make it past the sudden lack of customers? The sad fact is that, once lost, trust is a very hard thing to regain. In most countries today there’s no legal obligation (yet) to report breaches of security to the authorities. Let’s face it, you’re probably not going to tell anyone.

So in essence:

  1. Many organizations have no idea they’ve been hacked
  2. If they think they have, most can’t tell what’s been taken
  3. The chances of finding the culprits are slim to zero
  4. Telling anyone about it is business suicide

Iceberg

In terms of risk what we have is an iceberg – an increasingly large visible top of public security breaches with a potentially massive hidden expanse below the water. How big an expanse? No-one knows. And in terms of impact we have an almost Armageddon scenario where a loss of trust sends your business under at a rate of knots. That’s the kind of risk I would take seriously. So yes, good security is a cost. But bad security is so much more expensive.

The ISO27001 standard

The ISO27001 standard gives you the tools to assess and manage your risk so that the chances of your company hitting the iceberg are reduced.

And the CertiKit ISO27001 Toolkit gets you to ISO27001… fast.
