TECH & AI
data . The GDPR implementation date is now four-and-a-half years ago , and any data discovery assessments conducted back then will be severely out of date if this has not been a regular exercise .
If a business takes only one step to tighten cybersecurity , what should that be ? JT : Enabling multi-factor authentication on all internet-facing applications . This one extra-step is sometimes enough to convince cybercriminals to move on to other targets .
PG : Dispelling the myth that ‘ it will never happen to us ’ must be the first step . The most important thing is to take the risk of cybersecurity and cyber-based attacks seriously . This means , first , accepting there is a real risk the organisation could be impacted and , second , making it a priority to ensure there ’ s no complacency .
Once this is done , there will be a natural progression of activities to help identify and protect an organisation . No two organisations are the same in terms of their business or operating model , size , culture and risk exposure , so those activities should be tailored to the environment and threat profile .
Are supply chains in certain sectors more vulnerable than others ? JT : There are some sectors that , traditionally , have not invested heavily in building and running state-of-the-art technology . By definition , this makes them more susceptible to being successfully attacked .
Typically , I see this in companies with tight margins that are spend-conscious and haven ’ t seen the upfront benefit of significant financial investment in technology .
Also , some sectors are more heavily targeted – including IT-managed service providers , who are seen as low-hanging fruit by hackers – because a successful breach of a managed service provider ( MSP ) will result in access to multiple target organisations in a single hit .
“The most important thing in cybersecurity is the relentless use of multi-factor authentication ”
JAMES TAMBLIN VICE CHAIRMAN , BLUEVOYANT
120 December 2022