Blog · 05 Sep 2017

Your cyber security journey: Stage one — ‘Denial’

Discover the first stage on your cyber security journey — ‘Denial’. What is it? And how do you move on? BT’s President of Security, Mark Hughes, explores.

President, BT Security

The journey begins

In my last blog, I introduced the cyber security journey — ‘Denial’, ‘Worry’, ‘False Confidence’, ‘Hard Lessons’ and ‘True Leadership’.

These are the five stages that organisations need to navigate, in order to achieve effective security in a truly dangerous threat landscape. But here’s the catch — your organisation could already be at any stage of this journey.

To help you identify your current position (and figure out how to move forward), I’ll go through each stage, in detail. So, without further ado, let’s dig into stage one — ‘Denial’.

Is your organisation in denial?

This stage is fairly self-explanatory. If you’re in denial about cyber security, then you believe that either your organisation isn’t a target, or that an attack is inevitable and therefore you may as well do nothing.

Sorry, but on both counts, you’d be wrong.

Through our research we found that many small-to-medium enterprises believe that they’re too insignificant to be a target. That couldn’t be further from the truth. The reality is that every organisation, no matter its size, will face multiple, low-level attacks — every day.

And here’s the thing — these attacks don’t need to be sophisticated to be successful. The WannaCry attack hit over 200,000 systems, only because people hadn’t updated their operating systems.

How to move on to the next stage

Doing nothing is not an option. Yes, it’s impossible to create a system that’s completely and utterly impenetrable. But there are many paths for you to take that can drastically reduce the chance of an attack, and, importantly, mitigate the damage if or when an attack takes place.

Where do you start? With the basics. As I mentioned, a simple update would’ve stopped WannaCry — so a good place to start is to make sure your systems are up-to-date with all the latest patches.

Then make sure your people understand the seriousness of cyber security. This means everyone, not just the people making decisions. Every single one of your people needs to know what a phishing email or risky link looks like, so that they don’t inadvertently allow the criminals into your system.

Prepare to worry

‘Denial’ is possibly the easiest stage to move on from. You just need to accept that you’re at risk — and focus on cyber security essentials. Once that’s done, you’ll move onto the next stage: ‘Worry’. And that might not be so easy to get through.

Stay tuned for my next blog, to find out why.


Related content


Machen Sie Sicherheit zum integralen Bestandteil des Unternehmens


Fünf Schritte, um die Cyber-Abwehr zu perfektionieren

BT image banner
Mehr dazu auf Englisch

Der Weg zur Cybersicherheit: Etappe zwei – „Sorge“

Begleiten Sie Mark Hughes, President of Security bei BT, bei seiner Erkundung des Wegs zur Cybersicherheit. Diesmal im Fokus: Etappe zwei – „Sorge“.