This is a guest post from Smarsh, originally seen on the Smarsh blog on April 10, 2015.
This is the second in a series focused on select response data presented in the recently released Smarsh 2015 UK Electronic Communications Compliance Report
In today’s world, cybersecurity threats continue to rise, and pose a real risk for governments, firms and individuals worldwide. Recently even the US Federal Bureau of Investigations (FBI) admitted it was ill equipped to handle cybersecurity tasks, citing low resource as the biggest challenge.
The findings from our recent 2015 UK Electronic Communications Compliance Report point to a similar sentiment amongst UK financial organisations. Nearly three quarters (71%) of firms we spoke to said they had participated in conversations in the past year concerning risks related to cybersecurity, and threats to their business as a result of digital connectivity.
Even more concerning, the research showed almost half of UK firms (46%) are not confident in their ability to prevent and detect key cybersecurity risks. In line with the FBI’s concerns, UK financial firms (52%) are also most concerned about the training of staff related to cybersecurity.
If businesses don’t feel empowered to cope with cybersecurity, yet the issue shows no signs of abating, what can be done to address the skill and knowledge gap to help firms mitigate risks?
An effective cybersecurity strategy relies on the contributions of multiple stakeholders, but it goes deeper than that. Organisational alignment is required and procedures need to be put in place to ensure the cybersecurity strategy involves ITand compliance and other risk personnel. Compliance holds a key seat at the table during cybersecurity discussions and decision-making; it’s not just the preserve of the IT department anymore.
To keep pace with this evolving environment, we recommend firms undergo a third-party cybersecurity risk assessment. This will help identify gaps, expose threats and, more importantly, offer best practices to manage and mitigate them. Businesses will also benefit from reviewing suppliers’ certifications and procedures—and scrutinising digital and physical safeguards—that protect sensitive internal and public company data.
As businesses involve compliance teams in more conversations around mitigating cyber threats, a comprehensive electronic communications archiving solution should also play an integral role.
That’s because the archive is no longer a tick box technology used only to fulfill regulatory requests for firm email messages.
Instead, a comprehensive archiving solution can help with ongoing, systematic message supervision of all content types, including email, social media, text messaging, and more.
The supervision of all of these forms of electronic communications can provide a compliance and IT team with valuable insight into risky conversations, employee data leaks, confidentiality breaches, and other activity that may be related to a cybersecurity threat.
In other words, archiving is a front-line defence that plays an increasingly important role in overall cybersecurity strategy and efforts. First, it helps reduce and consolidate electronic communications silos across a growing number of content channels. Then a firm can identify risky communications or activity proactively — before they become serious and potentially damaging issues.
To understand the full set of capabilities of The Smarsh Archiving Platform, please visit http://www.smarsh.com/archiving-and-compliance/
To download the Smarsh 2015 UK Electronic Communications Compliance Report, please visit http://www.smarsh.com/whitepapers/2015-uk-electronic-communications-compliance-survey-report
For more information on Smarsh and RIA in a Box, click here