According to reports, around 37% of small to medium sized businesses feel they are unable to manage their risks, directly because of a lack of IT security knowledge. Much of the time, security is handed to the person who "knows computers" rather than to an IT security specialist within the organisation. This puts a lot of stress on that person and leaves a lot to be desired when it comes to the security of the business. If this person understands a little security they may be able to patch things up; however, without the required knowledge of reporting and incident response, the business is left exposed under a new EU law.
A lot of the time security breaches go unnoticed and continue for weeks, months, even years, and that is only part of the problem. Once a breach has been discovered it needs to be handled correctly: working out what, if anything, has gone missing, how to handle the data breach, how to make repairs and how to deal with any fallout.
The EU has recently pushed forward with a new law relating to cyber security. An agreement has been reached between the European Commission and the EU Parliament, and it contains a number of points worth noting. One of them requires companies to report any cyber security breach as soon as, or soon after, it happens or is discovered. Failure to do so carries EU sanctions, fines and other penalties.
This Network and Information Security directive tries to combine the 28 separate cyber laws of the EU member states into one all encompassing version. Understanding and implementing all of this is not the job of the "computer guy"; it takes a professional security expert to work through the problem.
Feel free to comment on my article, I welcome any constructive criticism.