UK organisations paralysed by cyber security landscape need to get fundamentals right first

UK organisations are paralysed by the choice of security technologies available to them, but are failing to maintain the basic fundamentals. This is according to Peter Groucutt, managing director at Databarracks. Groucutt has significant concerns about the vulnerability of UK organisations against a growing cyber threat landscape:

"Cyber threats are now the biggest cause of major recovery we're seeing amongst UK organisations, and this trend will continue in 2017. As the sophistication of attacks continues to mature, organisations are facing more frequent and serious attacks from a greater number of vectors. IT departments are being presented with an overwhelming range of mitigation strategies and security technologies, but without an endless budget and specific skills in-house, it's impossible to implement them.

"It is easy for organisations to become paralysed by the choice of security options, but it is absolutely vital to not neglect the basics and to deliver a solid baseline. This starts with reviewing and auditing their IT infrastructure and upgrading to supported software versions. Being secure in 2017 doesn't necessarily need to see huge investment in advanced cyber security solutions, but it does need to be the year that we ensure our fundamental security practices are up to scratch.

"Advanced threat monitoring and alerting services, for example, are fantastic but expensive and difficult to configure correctly and to maintain. Investment in the latest software is useless if it's not being used effectively – in reality, you'll likely be no better protected.

Almost 70 per cent of London borough councils are using at least one defunct operating system, according to new research from Databarracks. The results of a Freedom of Information (FOI) request revealed a widespread reliance upon Windows Server 2003 (63 per cent), SQL Server 2005 (51 per cent) and Windows Server 2000 (10 per cent), none of which are still supported by Microsoft.

The results of the FOI are supplemented by the results of Databarracks' Data Health Check survey, released in September, which revealed that half (49 per cent) of private sector organisations are also using at least one operating system beyond end of life.

Groucutt concludes: "My advice to organisations in 2017, in the public and private sectors, is to get the security fundamentals right first – that's where they should be investing before anything else. Make sure you have up to date anti-virus and anti-spam software, ensure any security updates and patches on your network are installed, perform a review of your firewall – are the rules you put in place 12 months ago still adequate? These are all fairly basic processes that you probably already have in place, but haven't reviewed to see if they're still doing the job they're designed to.

"Unsupported operating systems are one of these fundamentals – failure to upgrade is putting your organisation at enormous unnecessary risk. The possibility of security breaches and potential data losses is much higher, as security patches will no longer be released to protect against vulnerabilities."