May 19, 2020

How can European businesses prevent cyber attacks?

Cyber security in Europe
FM Global
Ben McKenna
FM Global
5 min
How can European businesses prevent cyber attacks?

The need for cyber security is increasingly apparent for European businesses. Cyber-attacks, ranging from targeted viruses to personal data breaches, are both frequent and severe. According to Lloyds of London, as many as nine out of ten big European businesses were hit by a significant cyber-attack in the last year. However, an alarming amount of European firms are still complacent about cyber security.

Today, an awareness of cyber risk is vital to ensure a resilient business. The risk of an attack targeting you or one of your suppliers is only increasing –according to the Identity Theft Resource Center, more than 169 million personal records were exposed in 2015. Combine this with the fact that 38 percent more security incidents were detected in 2015 than 2014, and the extent of this problem is realised.

The Internet of Things (IOT), the network of interconnected physical objects that can collect and exchange data, is also set to raise the concerns presented by cyber. Reports have recorded that there are currently 6.1 billion interconnected devices; which will grow to 50 billion by 2020. According to Forbes, IOT could add another 29$bn to the cost of cybercrime by 2020.

With the potential damage that cyber-attacks can bring, building resilience should be top of mind for European businesses. Organisations must have specific measures in place to avoid cyber-attacks as they would for any ‘traditional’ risk such as a natural catastrophe.

If a business is not prepared for a cyber-attack, it could find itself exposed to damage from data breaches and hacks. To protect against such risks, companies need a comprehensive understanding of the specific cyber insurance available, as well as an appreciation of the steps that they can take to minimise the likelihood of loss.

So what can businesses do to safeguard themselves from the increased threat of cyber-attacks?

Auditing your suppliers and partners

Cyber risk has become a supply chain issue for organisations today. No matter how well you’ve secured your own organisation against cyber threats, you could still be exposed to risk through your partners and suppliers. Let’s say you’re a manufacturer: what if one of your key suppliers is attacked, disrupting both their and your operations as well? Forbes has reported that the manufacturing industry was amongst the top five industries that ran a risk of a cyber-attack in 2016. With manufacturing companies increasingly relying on software to automate processes, manage partners and facilitate R&D, targeting their supply chains has become increasingly attractive to cybercriminals.

Loss Prevention

While businesses can undertake different methods to minimise the damage caused by a cyber breach, there are also many ways to prevent the breach from happening in the first place. Organisations should build cyber-resilience into their corporate structure so that they are not just reactive but also proactive.

This can be done through:

  • Reviewing physical security to prevent unauthorised access to the facility and critical areas
  • Ensuring that employee/contractors systems access restricted
  • Enforcing a clear desk policy and locked shredding bins so sensitive data in paper form is not lying around
  • Using encryption  where possible including for file sharing
  • Breach Response Planning and stress testing
  • Educating employees (do’s and don’ts and policy compliance)
  • Ongoing security monitoring

Have a plan in place for a quick recovery after a cyber-attack

While there are many simple things you can do to prevent cyber-attacks, you will never be able to fully eliminate the risk – hackers continually find new methods, and will be able to get around even the tightest security.  Businesses should therefore also make sure that they have a continuity plan in place in the event of a cyber-attack. According to an NTT survey on cyber-attacks, 67 percent of respondents believe that it would take their organisation close to eight weeks to fully recover from a security breach. By having a clear and structured recovery plan in place, you can reduce the time taken to get back to full operations and consequently the costs of a full recovery.

Your business continuity plan should address areas such as:

  • How are you going to gain control of a security breach and recover?
  • What do you define as an acceptable recovery time?
  • What is the process for reporting incidents?
  • How are you going to raise security awareness to employees?
  • How are you going to manage and communicate security policies?
  • Who is responsible for the above and can manage the communication with employees, clients and suppliers?

Through following these steps, businesses are able to reduce the recovery time after as well as the costs caused by an attack.

Taking out adequate insurance

At FM Global, we believe that business resilience and the long term success of an organisation go hand in hand. Therefore we have broadened our policy to ensure that we can help our clients tackle the rapidly increasing threat that is cyber, with the essential coverage needed for common cyber loss events including:

  1. Damage to data, programs or software created by harmful viruses or other malware
  2. Computer network service interruption due to malicious cyber activity
  3. Third- party data services interruption (cloud outage) leading to business interruption and/or property damage
  4. Resulting property damage and business interruption on all-risk basis, to the policy or location limit. The FM Global Advantage policy does not any cyber exclusions.

Businesses can never be certain that they are 100 percent protected from a cyber-attack. However, by enforcing these effective measures, organisations will be able to build ‘business resilience’ from the threat of cyber, which could lead to competitive advantage in an increasingly competitive world.

By Ben McKenna, FM Global

Read the December 2016 issue of Business Review Europe magazine. 

Follow @BizReviewEurope

Share article

Jun 18, 2021

GfK and VMware: Innovating together on hybrid cloud

3 min
VMware has been walking GfK along its path through digital transformation to the cloud for over a decade.

GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.  

In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade. 

“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.

Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.

By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.

One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.

“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.

Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs. 

“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.

The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment. 

The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.

One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.

“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.

“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client. 

“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”

Share article