Calls for Businesses to Face Annual Cyber Security Test

21 February 2018 | Updated 07 March 2018

The MD of an ethical hacking specialist says organisations holding personally identifiable information should be required to undertake annual cyber security testing to demonstrate how robust their infrastructure and processes are.

Paul Harris, head of Manchester-based ethical hacking specialist Secarma, argues that breaches of personal data and its subsequent misuse in fraudulent activity have reached such an extent that the situation is now only rectifiable through significant legislation.

Under Harris’s vision, anyone dealing with data that could, in the wrong hands, pose a risk to individuals or businesses should be forced to demonstrate a level of care and competence in handling data.  

He said: “We've got to a point where having a requirement in law for organisations to start taking this seriously is the only way forward. What we're doing at the moment is not enough and it's clearly not working.

“As a result of the Equifax breach, 143 million sensitive records are now freely available to criminals and other malicious actors across the globe. It prompts calls for us to take action and think about this more seriously. The government has a duty to address this issue.

“Legislation now appears to be the only way to drive change in this area. In the last 20 years the security industry hasn't progressed a great deal in its mission to get people to understand the issues and risks inherent in holding critical data on the internet.”

Financial services organisations in New York State are among a very few data-controlling organisations currently required to undergo penetration testing and vulnerability scanning.


Global examples

Harris continued: “Requiring organisations to have annual penetration testing is a fantastic step forward. There are pockets around the world doing this really well and seeing great results. This is exactly what we should be doing as a country and around the world, but it needs to be broader than one sector in one jurisdiction.     

“GDPR is a step in the right direction, but we need to give people more opportunity to get it right. We need the government to introduce frameworks and legislation to advise businesses and help them stay secure.

“The scale of the risk is so much greater now and there are many more threat actors. The motivation for these people to attack is increasing as we generate more and more data about ourselves. Cybersecurity is a cost, but it needs to be seen in proportion with the scale of the risk.”

Secarma is owned by UKFast CEO Lawrence Jones and based at UKFast Campus in Manchester, providing cyber security services to global, blue-chip clients. 

Picture: Paul Harris, MD at Manchester-based ethical hacking specialist Secarma


Article written by Cathryn Ellis | Published 21 February 2018

