ISMS.online has released its ‘State of Information Security’ report, which surveyed 502 people in the UK (over 1500 globally) who work in information security across 10 sectors including technology, manufacturing, education, energy and utilities and healthcare. The main findings that it exposed are:
79% of businesses have been impacted due to an information security incident caused by a third-party vendor or supply chain partner.
Over 99% of UK businesses received hefty fines for data breaches or violation of data protection rules over the last year.
Deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organisations.
What does all of this mean? As data breaches continue to surge, government entities and trade bodies are, in turn, trying to meet these challenges by updating and implementing regulations and compliance mandates. Listen in as Luke speaks to IT managers about the need to build robust and effective information security foundations, invest in securing their supply chains, and increase employee awareness and training.
Learn more about ISMS.online: https://itspm.ag/ismsonline08ab81
Note: This story contains promotional content. Learn more.
Guest: Luke Dash, CEO, ISMS.online
On LinkedIn | https://www.linkedin.com/in/luke-dash-33867b25/
Resources
The State of Information Security Report 2024: https://itspm.ag/ismsonlinef56b77
Learn more and catch more stories from ISMS.online: https://www.itspmagazine.com/directory/isms-online
View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
Revolutionizing Data Privacy and Information Security Compliance: Latest Findings from the ‘State of Information Security’ Report | An ISMS.online Brand Story with Luke Dash
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] And here we are. We're ready for another seven minutes here on ITSP Magazine with a new short brand story. Today I'm joined by Luke Dash. He's the CEO at ISMS Online, revolutionizing the way businesses across the globe handle data privacy and information security compliance across 100 standards and regulations.
With over 25,000 users, ISMS Online empowers organizations to secure and scale their compliance with ease. Sounds really cool, Luke. Thanks for joining.
Luke Dash: Thank you so much for having me, Mark. Sure.
Sean Martin: It's going to be a great conversation. And, uh, you stay in touch with a lot of folks and obviously to help shape what you do for them.
And one of the things you do is put together a state of information security report that currently the latest one has over 500 people out of the UK and 1500 globally. Can you tell me a bit more about, uh, that report and maybe some of the initial findings that you want to highlight?
Luke Dash: Exactly. You know, one of the things that we wanted to do as a [00:01:00] business was to provide value about the industry and not just sell services or solutions into that. So we've done this now for two years running. Um, I suppose where I could start with, uh, really is, is in and around this new topic of deepfakes. I think if you and I were talking 10 years ago, we'll be, we'll be speaking about all sorts of other things, phishing emails, et cetera, et cetera.
But now the real, you know, the real hot topic and the big mover has been deepfakes. As I said, we did it 24 months ago, zero businesses out of 1500 had experienced deepfake attacks. This year when we ran it, it was the second highest ranking with, um, you know, over 30 percent in the UK and the US, uh, stating that they'd been impacted by that.
And it's not just, you know, your business, it's also the businesses that you work with. So for example, um, I think almost 80 percent of businesses have been impacted due to something to do with the supply chain or to do with their, um, their third party vendors. So it's, you know, that old saying [00:02:00] around, uh, you're only as strong as your weakest link is truly important when it comes to information security management.
But there's just a couple of kind of snippets from the report.
Sean Martin: Yeah. And I don't, I don't know if you have, uh, data to share, but impact means something, right? It's not just, I saw something. So an impact, and you talked about third party. Can you shed some light on kind of what, what these organizations are experiencing?
Luke Dash: Yeah. So, um, ultimately, you know, there's been an, or most of the people that we spoke to within the, uh, the report had, in the survey, sorry, had actually received hefty fines of 90 percent for data breaches and violations, whether it be through them or through third parties. So these things have serious ramifications, not just financially, but also from a brand recognition perspective, you know, your brand can be damaged by data leaks and things like that.
And we've certainly seen it in the news over the last 12, 24 months, the damage that that can have on businesses. [00:03:00]
Sean Martin: And so when we talk about trust, I mean, there's working with partners and supply chain and third parties have become an even bigger challenge to get a handle on, um, how, how do organizations know that they can trust the partners they're working with?
Luke Dash: Exactly. I think it's becoming more and more prevalent that, um, businesses are now taking, uh, information security standards or all sorts of ISO standards far more seriously.
So actually, if you're working, for example, with anyone in the UK government sector, you will need to have ISO 27001 as a prerequisite standard within your business. You know, if you were looking at manufacturing, you would have to have ISO 9001. So I think that, um, you know, taking a look, not just at the services that your third party vendors provide, but also how seriously they take their own governance is a really, really important factor and needs to be put into, you know, the supply chain assessments that people do. [00:04:00]
Sean Martin: And so I think there's a good place for us to talk about some of the things you do at ISMS in terms of helping organizations get a, get a grasp on what's going on and what they need to do.
Luke Dash: Yeah. And I think, you know, if you break it down into three, uh, parts, it's, it's people process and tools, you know, ultimately we provide a software, which, which, which helps people to manage their information security.
What we'd also encourage businesses investing in people, you people are your assets. And they're also your highest risk. So invest in training, development, staff awareness, and whatnot as well. Review your processes, make sure that you are constantly reviewing those processes, and make sure that the systems and tools that you have in place, like for example, an information security management tool, that are helping you remain safe as well as your customers.
Sean Martin: And so what, what parts of those, uh, things does ISMS help with?
Luke Dash: Yeah. So ISMS [00:05:00] ultimately helps with, um, the process and tools elements. So, um, obviously as a system, we, uh, provide auditor level guidance for all standards. But really, our roots are in 27001, which is the gold information security standard recognized globally.
So ultimately, what we do is we provide a platform that enables you to stick to the standard and make sure that you're getting guidance because one of the things with information security is it can get quite complex. So we try and simplify that for customers to make sure that them and their employees and their staff are actually understanding how to behave and the ways in which to do that.
And it's an ongoing process. Continual improvement all the time is critical to businesses within this.
Sean Martin: Yeah, because I mean, we clearly the business changes, the threats change, the regulations change. And the report is you highlighted, uh, the, the threats are evolving, right? That deepfakes weren't a thing a couple of years ago.
[00:06:00] So having your insight into this organizations don't become a statistic in the next report, right? They, they become, they become a beneficiary of the work that you do.
Luke Dash: Exactly. And I think the thing, the misconception previously was it's coming, it's coming, it's coming with regards to things like, well, they're here, they're here now, they're here today, and they're impacting businesses and causing financial and brand pain for companies as well.
Sean Martin: So last bit of time we have here, Luke, anything else you want to highlight from the report and maybe a word on how folks can get to it?
Luke Dash: What I would say is businesses should really start to take their information security management seriously. The sector is growing at 40 percent year on year, which is huge because more and more businesses are realizing, and not just the big businesses, all businesses from small to large are realizing your back end needs to be as secure and as important as your front end growing.
Sean Martin: And that [00:07:00] is seven minutes here on ITSP Magazine. Thanks everybody for listening. And Luke, thanks for, thanks for joining us.
Luke Dash: Thank you so much, Sean. Cheers.