Effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber attack.
If your organisation is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls set out in the 10 Steps to Cyber Security:
Cyber security training should be treated as an ongoing process and include employees across the whole organisation.
Many high-profile cyber attacks have featured in the news lately, to name a few:
Cyber attacks, hacking, data breaches and identity theft are terms that most people are familiar with, and the need to educate employees about how their actions impact company cyber security is greater than ever.
A study published this week has revealed that businesses are "dangerously" unprepared for cyber-attacks, with threats causing mayhem for IT management teams (source: Computing.co.uk).
While IT and cyber security professionals are experts at protecting networks and devices, and integrating security measures to anticipate a breach, that cannot be a business's only line of defence. Employee education and training can help minimise cyber vulnerabilities and prepare employees for the event of a breach, in turn helping to protect the organisation and its customers.
Employees often are unaware of the potential consequences of their actions while working on a computer, laptop or mobile device and how those actions can make the company vulnerable to cyber-attacks.
Providing training to your employees can raise awareness of the potential risks and ensure they understand how their actions can impact cyber security.
The onboarding process can also play a part, by incorporating background checks on potential employees. As new employees join the workforce, organisations also need to be sure they have an effective training plan in place.
As part of the onboarding process, new employees should be warned to:
Don’t be afraid to test your cyber security policy: send a mock questionable link to employees to see if anyone clicks on it.
Cyber security training should not be a one-time event or something that only applies to the IT department. It should be treated as an ongoing process and include all employees.
Build a team of cyber security experts within your business, including representatives from key areas within the business. Ensure they are aware of what types of threats are out there and how to react should an attack take place, to minimise any damage. Being prepared in case an attack does happen will ensure minimal damage to your business and help you get back to normal as quickly as possible.
Key areas to focus on should include:
Review the nature, probability and dangers of possible attack methods like hacks, breaches, and phishing by email, text or social media. Also review common entry points or data-rich targets within the company. Any system with data that can be monetised (such as health care records, bank information, credit card numbers or emails) can pose a risk and should be part of the response planning process.
Provide general background on the different categories of cyber attacks and how the scope, style and motivations of each are an important factor in developing the most appropriate response plan.
Cyber criminals are motivated by money and are typically responsible for hacks like retail data breaches and phishing attacks. There is high risk to individual customers in terms of compromised personal or financial data and identity theft.
Take the education a step further by displaying tip sheets and posters around office common areas or by participating in ongoing cyber safety events like National Cyber Security Awareness Month or Safer Internet Day. Keeping the issue top of mind for your team helps mitigate risk and build resiliency.
Some common indicators of scams include:
New IT security advances will enable organisations to spot and mitigate potential breaches before they occur.
Historically businesses have been primarily concerned with securing themselves against external cyber threats such as viruses and hackers. Yet some of the biggest threats have been due to insider mistakes or misuse.
The crux of it is that many businesses still have insufficient visibility into what changes their users are making within their IT environment.
A 2017 IT Risks Survey of more than 600 IT Pros confirms that “66% of organisations perceive employees to be the biggest threat to system availability and security”.
Research has revealed that around one quarter (24%) of UK employees admit to intentionally sharing confidential business information outside their organisation, typically to competitors or new and previous employers.
The introduction of GDPR has made data breaches more important, as any data breach that does occur has to be reported within 72 hours.
Looking ahead, a number of emerging IT security advances will arm organisations with the right information at the right time to help spot and mitigate potential breaches before they can occur. Here, in no particular order, are five security trends that are set to make a big impression on enterprise in 2019.
1. Security compliance will become more important
The General Data Protection Regulation (GDPR) requires organisations to be aware of what data they have, where it’s stored and who is responsible for it. This, along with stricter penalties for non-compliance, will require businesses to upgrade their data privacy controls. Fines for data breaches have started to occur.
2. Advanced analytics will improve data security
Organisations currently use a combination of security products which generate a large volume of data, making it hard to spot information requiring immediate attention. Advanced data analytics tools will help organisations drill down into the information to find potential threats more easily.
The growing adoption of technologies like user and entity behaviour analytics (UEBA) will enable organisations to establish stricter control over their IT infrastructures and better understand their weak points, so they can fix security holes before a data breach occurs.
3. Tailor-made security
The global cyber security market is evolving. Security vendors are rapidly expanding their range of solutions to allow them to solve similar pain points differently according to the customer’s infrastructure. With strong data protection practices in high demand, security vendors will start to offer a more personalised approach, taking into account factors like IT infrastructure size and complexity, industry and budget. A more customised approach to IT security will provide organisations with solutions that are uniquely tailored to their requirements. Smaller, more specialist software providers will win business against larger, less flexible vendors by providing offerings that are ideally suited to meet specific business needs.
4. Continuous reviews will improve decision-making
In 2017, Gartner proposed a new approach to security based on a continuous process of regular review, re-assessment and adjustment, known as CARTA (Continuous Adaptive Risk and Trust Assessment).
We can expect this approach to become more popular as businesses try to mitigate cyber security risks. Real-time assessment of risk and trust in the IT environment enables companies to make better decisions regarding their security position.
5. Blockchain principles to be applied to data security
An emerging approach to mitigate the increasing number and sophistication of cyber threats is to harness blockchain principles to strengthen security. With blockchain technology, data is stored in a decentralised and distributed manner.
Instead of being stored in a single location, data is stored in an open source ledger. This makes mass data hacking or data tampering much more difficult, because all participants in the blockchain network would immediately see that the ledger had been altered in some way. Blockchain has the potential to be a major leap forward for securing sensitive information, especially in highly regulated industries like finance, government, health and law.
In summary, insider mistakes and privilege misuse have repeatedly been the source of security breaches and are as much a vulnerability to organisations as outsider threats.
Even though every organisation has its own individual security risks requiring different defence methods for mitigating insider and outsider attacks, some common technology trends are emerging. Businesses will need to adopt more continuous protection strategies, while vendors will take advantage of the latest technology advances to create more customised and better targeted solutions.
Therefore, we should see organisations becoming more proactive about securing confidential information, especially where consumer data is concerned. Malicious insiders and hackers alike will find their work more difficult. Stealing corporate data will take much more time and effort than it did in the past, while the overall chances of being caught will also be higher.