
Sunday, 25 March

Calls for Businesses to Face Annual Cyber Security Test

The MD of an ethical hacking specialist says organisations holding personally identifiable information should be required to undertake annual cyber security testing to demonstrate how robust their infrastructure and processes are.

Paul Harris, head of Manchester-based ethical hacking specialist Secarma, argues that breaches of personal data and its subsequent misuse in fraudulent activity have reached such an extent that the situation is now only rectifiable through significant legislation.

Under Harris’s vision, anyone dealing with data that could, in the wrong hands, pose a risk to individuals or businesses should be forced to demonstrate a level of care and competence in handling data.  

He said: “We've got to a point where having a requirement in law for organisations to start taking this seriously is the only way forward. What we're doing at the moment is not enough and it's clearly not working.

“As a result of the Equifax breach, 143 million sensitive records are now freely available to criminals and other malicious actors across the globe. It prompts calls for us to take action and think about this more seriously. The government has a duty to address this issue.

“Legislation now appears to be the only way to drive change in this area. In the last 20 years the security industry hasn't progressed a great deal in its mission to get people to understand the issues and risks inherent in holding critical data on the internet.”

Financial services organisations in New York State are among a very few data-controlling organisations currently required to undergo penetration testing and vulnerability scanning.


Global examples

Harris continued: “Requiring organisations to have annual penetration testing is a fantastic step forward. There are pockets around the world doing this really well and seeing great results. This is exactly what we should be doing as a country and around the world, but it needs to be broader than one sector in one jurisdiction.     

“GDPR is a step in the right direction, but we need to give people more opportunity to get it right. We need the government to introduce frameworks and legislation to advise businesses and help them stay secure.

“The scale of the risk is so much greater now and there are many more threat actors. The motivation for these people to attack is increasing as we generate more and more data about ourselves. Cybersecurity is a cost, but it needs to be seen in proportion with the scale of the risk.”

Secarma is owned by UKFast CEO Lawrence Jones and based at UKFast Campus in Manchester, providing cyber security services to global, blue-chip clients. 

Picture: Paul Harris, MD at Manchester-based ethical hacking specialist Secarma


Article written by Cathryn Ellis

