Peter Reed

Lead Advisory Partner

Pete joined Headforwards in 2022 as lead Partner in our CIO Advisory division. He has worked as a senior IT Executive for over 20 years, his most recent industry role being Chief Information Officer for AXA Health. At AXA, Pete provided IT across both UK and Global business lines supporting strong business growth and profitability.

As technology becomes more specialist so do the Cyber controls needed to keep data safe and secure. It’s very easy for organisations to be overwhelmed by the number of things they feel they need to do to protect their customers and themselves. 

For large organisations there’s a continuous stream of new information to deal with, and threats to manage with a never-ending list of cyber tasks and priorities. For smaller organisations there is the need to keep a proportionate focus on cyber and access specialist expertise when needed. Publicity around data loss unnerves organisations and can leave many boards and executives confused about how to tackle security.  

One thing we can all be sure about is that the need to have a clearly defined approach to managing security is not going away. There is lots of help and advice available to organisations however one of the most important things to remember is that every organisation is different. The risk profile of similar issues can be very different for each organisation, so it is vital that you build a security strategy tailored to your individual needs. 

There’s no one size fits all when it comes to cyber solutions

There are many pro-active actions organisations can take to reduce the threat of cyber-attacks, but every organisation has a unique technology and data environment which needs to be considered. For example, two organisations could both use the same software or infrastructure products, but how they use it and configure it is likely to be unique.  

Consideration must also be given to the way technology is consumed by customers and employees within an organisation, as well as the type and value of data it holds, how many transactions it completes, the internal capability it has, how reliant it is on Third parties, how up to date the technology is, and how effective its existing controls and monitoring are.  

It sounds obvious to say but to be great at identifying problems and fixing them along with a true understanding of the risk they present requires a good understanding of both cyber and technology. 

There are probably 100’s of things each organisation should be doing to improve its cyber security, but most only have enough bandwidth to do a few of them, so which should they choose? 

Encryption, data loss prevention, backups and recovery, redundancy, firewalls and proxies, scanning, patch and vulnerability management, authentication, endpoint management, technical debt, lifecycle management – the list goes on and it’s all very overwhelming. 

All these things are important, however the cyber strategy that is right for you will be one that looks at these in the context of your organisation and is tailored to you. 

Be careful not to overreact to and keep things proportionate. Organisations can be drawn into using their limited cyber and technology resources to prioritise fixing things that are very unlikely to happen, and the risks that are much more likely to happen are left. It is much more likely that these threats will catch organisations out and cause problems.   

Cyber Security: Good practice 

  • Keep things current (lifecycle management) 
  • Follow up on monitoring

The most sensible thing a company can do to protect itself from cyber issues is keep things current.  

It’s not unusual for organisations to ignore recommended updates for long timeframes; these things can be ignored to a point, but a system that’s not updated is a weakened system where cyber is concerned.  

Organisations that keep on top of updates and are good at monitoring often fall at the final hurdle by failing to have a robust process in place that follows up on potential issues. Monitoring is only beneficial if potential threats are fixed by someone who has the time and capability to do so.  

If you would like some help and advice to assess your security risks, put in place a cyber strategy or fix specific things get in touch with us and we would be happy to put you in touch with our specialist Cyber consulting team. 

Headforwards™ is a Registered Trade Mark of Headforwards Solutions Ltd.
Registered Address: FibreHub, Trevenson Lane, Pool, Redruth, Cornwall, TR15 3GF, UK
Registered in England and Wales: 07576641 | VAT Registration Number: GB111315770