Ahead of the introduction of new EU data protection legislation, cyber security expert Alan Calder – the founder and executive chairman of international cyber security firm IT Governance Ltd – recently delivered a webinar to EU businesses about using international standards such as ISO 27001 to improve their cyber security.
Cyber security threats continue to multiply at an alarming rate: in 2014, a billion data records were compromised and there were, undoubtedly, numerous unrecorded incidents affecting countless others. 2015 is likely to be even worse. Criminals continue to work around the clock, often employing automated attacks to exploit vulnerabilities as soon as they are discovered.
For the EU organisation that doesn’t have adequate cyber security in place, Calder’s conclusion was a stark warning: “If you don’t think you’re cyber secure, you probably aren’t. The sooner you take action, the better it will be for your organisation. Cyber criminals don’t take time off around the world. There are cyber criminals at work, looking for organisations they can hack into. So do take action as soon as you can to make sure that you get yourself secure as soon as you can.”
Organisations throughout the EU are increasingly implementing the internationally recognised cyber security standard ISO 27001. The Standard sets out the requirements of an information security management system (ISMS) – an enterprise-wide approach to information security that addresses people, processes and technology. Certification to ISO 27001 increased by 25% in Europe year-on-year according to the latest ISO figures.
ISO 27001’s risk-based approach enables organisations to implement cyber security best practices based on the risks they actually face. By achieving certification to ISO 27001, businesses can demonstrate their commitment to cyber security to their stakeholders, as well as fulfilling their data protection obligations under new EU laws such as the GDPR and the NIS Directive.