20 February 2018
McKinsey highlights the latest issues surrounding cyber crime and security in the IoT age
The Internet of Things (IoT) is the interconnection via the internet of computing devices embedded in everyday items such as phones and computers, enabling them to send and receive data. With technology continually advancing, billions of devices are being bought online further developing the Internet of Things and creating new vulnerabilities.
As the digital ages continues and technology continues to advance, digitisation has risen on the executive agenda of many companies, cybersecurity skills and processes have also advanced, but at a slower pace. Rapid growth in the IoT is changing the game. Cyber security is more relevant and challenging than ever, and companies need to build capabilities in this area - quickly.
IoT holds great potential to help companies improve their products and services or increase production efficiency by harnessing sensors and actuators that seamlessly connect objects to computing systems. No wonder, then, that many companies are bringing more and more devices, products, or production systems online, meaning suggested estimates are putting connected devices to reach between 20 and 30 billion globally by 2020.
However, as devices proliferate, the security risks will increase sharply. Historically, risking the confidentiality and integrity of information was the prime concern compared with any risk regarding availability. In the IoT world, lack of availability of key plants or even worse - tampering with a customer product becomes the dominating risk.
With the IoT, security challenges move from a company's traditional IT infrastructure into its connected products in the field, as many companies due to IoT, are likely to have millions or tens of millions of endpoints. And these challenges remain an issue through the entire product life cycle, long after products have been sold. What's more, industrial IoT, or Industry 4.0, means that security becomes a pervasive issue in production as well. Cyber threats in the world of IoT can have consequences beyond compromised customer privacy.
This added complexity makes the IoT a more difficult security environment for companies to manage. Those that succeed, though, could use strong cybersecurity to differentiate themselves in many industries.
McKinsey conducted a multinational expert survey with 400 managers from Germany, Japan, UK and the United States, to explore the views on the relevance of and companies' preparedness for IoT security. The results indicate a yawning gap between perceived priority and the level of preparedness:
- 75% of respondents said that IoT security is either important or very important, and that its relevance will increase. But only 16% say their company is well prepared for the challenge. The survey also indicated that low preparedness is often linked to insufficient budget allocated to IoT cybersecurity.
- The interviews revealed that many companies are ill prepared at every step of the IoT security action chain (predict, prevent, detect, react).
- More than one-third of companies lack a cybersecurity strategy that also covers the IoT. The rest have some sort of strategy but many report struggling to implement it.
Why haven't companies made progress on cyber security implementation, given the perceived risk? The survey indicated a few factors:
- Lack of prioritization.
- Unclear responsibility.
- Lack of standards and technical skills.
How you hedge against the threat?
The BPIF can help make your business secure with certification for both the Cyber Essentials scheme and IASME governance.
Cyber Essentials is a Government backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all businesses. When implemented correctly, you can prevent around 80% of cyber attacks. Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security. The Government wants every company in the UK to be certified by 2020.
IASME (Information Assurance for Small to Medium-sized Enterprises) is a governance standard that demonstrates a company's level of cyber security for a realistic cost. IASME demonstrates that you are taking good steps to properly protect information security and is an internationally recognised alternative to the ISO 27001 standard, for smaller businesses.
What we offer:
• Cyber Essentials, IASME Governance and GDPR Ready - Managed
• Cyber Essentials, IASME Gold and GDPR Ready - Fully Managed
• Cyber Essentials PLUS - Fully Managed
All Fully Managed Cyber Essentials, Cyber Essentials PLUS and IASME Gold are moderated by IASME. IASME is one of the Cyber Essentials accreditation bodies appointed by the UK Government.
Click here for further details.
Pay Review Data, Wage Benchmarking and Cost of Living – FEB 2024 UPDATE
14 February 2024
We have collated data from multiple sources that should be useful for BPIF members that are approaching internal pay reviews, and/or are having a closer look at their pay and benefits structure. The datafile, first published in February 2023, has been updated with the latest available data - and additional content on factors exerting pressure on pay settlements in 2024.
Slight recovery of output and orders falls short of expectations in Q4 - confidence concerns mount in 2024
22 February 2024
Performance in the UK's printing and printed packaging industry did improve in Q4, as far as output and orders are concerned. However, it didn't come close to what would historically be considered the seasonal norm, nor quite match the subdued expectations for Q4.
The BPIF is the printing industries champion. By becoming a member you join a diverse and influential community. We help you solve business problems, connect you to new customers and suppliers and make your voice heard in government.
Call 01676 526030