
Your cyber security journey: Stage one — ‘Denial’


05 September 2017

Mark Hughes



Discover the first stage on your cyber security journey — ‘Denial’. What is it? And how do you move on? BT’s President of Security, Mark Hughes, explores.

The journey begins

In my last blog, I introduced the cyber security journey — ‘Denial’, ‘Worry’, ‘False Confidence’, ‘Hard Lessons’ and ‘True Leadership’.

These are the five stages that organisations need to navigate, in order to achieve effective security in a truly dangerous threat landscape. But here’s the catch — your organisation could already be at any stage of this journey.

To help you identify your current position (and figure out how to move forward), I’ll go through each stage in detail. So, without further ado, let’s dig into stage one — ‘Denial’.

Is your organisation in denial?

This stage is fairly self-explanatory. If you’re in denial about cyber security, then you believe that either your organisation isn’t a target, or that an attack is inevitable and therefore you may as well do nothing.

Sorry, but on both counts, you’d be wrong.

Through our research, produced in partnership with KPMG, we found that many small-to-medium enterprises believe that they’re too insignificant to be a target. That couldn’t be further from the truth. The reality is that every organisation, no matter its size, will face multiple, low-level attacks — every day.

And here’s the thing — these attacks don’t need to be sophisticated to be successful. The WannaCry attack hit over 200,000 systems only because people hadn’t updated their operating systems.

How to move on to the next stage

Doing nothing is not an option. Yes, it’s impossible to create a system that’s completely and utterly impenetrable. But there are many paths for you to take that can drastically reduce the chance of an attack, and, importantly, mitigate the damage if or when an attack takes place.

Where do you start? With the basics. As I mentioned, a simple update would’ve stopped WannaCry — so a good place to start is to make sure your systems are up to date with all the latest patches.

Then make sure your people understand the seriousness of cyber security. This means everyone, not just the people making decisions. Every single one of your people needs to know what a phishing email or risky link looks like, so that they don’t inadvertently allow the criminals into your system.

Prepare to worry

‘Denial’ is possibly the easiest stage to move on from. You just need to accept that you’re at risk — and focus on cyber security essentials. Once that’s done, you’ll move on to the next stage: ‘Worry’. And that might not be so easy to get through.

Stay tuned for my next blog, to find out why.

In the meantime, make sure you download our report to get even more information on the five stages.