Technology

Guest Post: Cyber Security – lets reiterate the basics

Posted on
Guest Post: Cyber Security – lets reiterate the basics

Be vigilant urges CRIBB Cyber Security’s Patrick J Carolan

With highly publicised data breaches and cyber-attacks occurring daily, cyber security is a major concern for all organisations, their staff and their customers. Large corporations have shown just how much damage can be done when a malicious actor accesses and manipulates an organisation’s systems. A hack can result in immediate financial and operational consequences. Breached businesses often face class-action lawsuits, regulatory fines, reputational damage and a collapse in share price.


MoreMarriott fined £99m for data breach

BA faces record £183m data breach fine


In this age of digital transformation, data needs to be considered as the most important asset of an organisation. Companies need to be investing in cybersecurity, making it a primary focus instead of a secondary thought. With cyber-attacks growing exponentially, criminals are using multiple tactics to breach businesses’ security. Cyber security and the prevention of a cyber-attack requires constant vigilance, understanding and preparation.

The table below shows how the attack vectors have increased substantially, however this has only been reflected through a minimal increase in investment into cybersecurity.

2014 2018
Organisations victimised by one or more successful cyber-attacks 62% 77%
Optimism for dodging a successful cyber-attack in the coming year 62% 38%
IT security’s weakest links Mobile devices Laptops / notebooks Social media Containers Mobile devices Cloud infrastructure
IT security’s greatest inhibitors Low-security awareness among employees Lack of skilled IT security personnel
Greatest cyberthreat concerns Malware

Spear phishing

Malware

Spear phishing

Hottest network security technology planned for acquisition Next-generation firewall (NGFW) Advanced malware analysis
Hottest endpoint security technology planned for acquisition Advanced malware analysis Containerisation /micro-virtualisation
Change in next year’s IT security budget No change Increase 5-9%

Report Defense Cyberthreat 2018

From this table, it’s easy to conclude that businesses must develop their Cyber Protection strategy in line with their expansions in current/future technology and business growth. Establishments are aware that cyber-crimes are on the increase, however many underestimate the required security to prevent criminals from successfully accessing data. There are many methods which a scammer will utilise to exploit vulnerabilities in an organisation’s infrastructure. Here are two areas in which organisations are frequently exposed to a cyber-attack:

Inadvertent engagement by staff

More often than not, cyber-attacks are introduced to networks via an interaction from an employee or user of the system. Phishing and ransomware often require input from an employee to allow it to interact with the IT infrastructure. This can range from an employee opening up an email attachment to inadvertently providing valuable information to the attacker.

Ransomware has quickly become one of the largest threats to organisations; once accidently enabled by a staff member, the software is able to infiltrate networks quickly with potentially costly repercussions. Additionally, it is critical to manage supply chains to ensure that hardware and software is being sourced from reputable and trustworthy companies. Inside vulnerability is often something that is overlooked; ensuring that all staff members are able to recognise threats will result in a reduction in a company’s cyber risk.

Vulnerable IT infrastructures

Companies are now becoming increasingly aware that attempted cyber-attacks will take place. Despite this, many organisations are still making basic mistakes when protecting their networks. Cloud security is often under-established due to organisations believing that the cloud host is responsible for cloud security and not the company themselves. In addition to cloud spaces being left vulnerable to hacks, many organisations are also relying on overly-simple single-factor password methods to protect valuable assets.

Many companies believe they are taking precautions to prevent attacks however, through misinformation and naivety, the precautions being taken are often too basic to address the threat of sophisticated cyber criminals. Establishing complex and thorough security procedures is the only way of reducing the risk of a cyber-attack. With information security and data protection a highly serious matter, firms must respect the acumen of cyber hackers and the tranches of data they can retrieve through intelligent technology.

Some or all of these attack scenarios will be affecting your business and most probably have been for years. It’s crucial to be vigilant and to educate yourself and your staff. In our next article we will follow up with a detailed breakdown of key IT threats facing companies in 2019.

MoreMarriott fined £99m for data breach

BA faces record £183m data breach fine

Comments

This is a community-moderated forum.
All post are the individual views of the respective commenter and are not the expressed views of Travolution.
By posting your comments you agree to accept our Terms & Conditions.