Companies 'need to do better' on cyber resilience

Many businesses need to become better at cyber resilience, rather than simply adopting a compliance-driven tick-box approach to digital security.

This is the opinion of Tom Van de Wiele, an ethical hacker at Finnish cyber security and privacy company F-Secure, who told delegates at the InfoSecurity Europe conference in London a lot of firms are still investing in cyber security products without really knowing if they work.

Instead, he recommended first working out exactly where critical information is stored and who has access to it, Computer Weekly magazine reports.

Next, the expert suggested booking red teaming exercises - where contractors are hired to deliberately hack an organisation as part of a simulation - in order to understand where cyber defence strengths and weaknesses are and whether existing protocols are effective.

Finally, Mr Van de Wiele also said it is essential for employees to understand they must be part of the security process too, by being aware of how the information they post online can be useful for attackers.

He concluded that the aim should be to carry out risk management and boost cyber resilience, rather than simply paying lip service to digital protection.

The comments come after research by SolarWinds revealed some public sector organisations in the UK are experiencing more than 1,000 cyber attacks per year.