Locking Down Cyber Security

Many operations are failing to manage the cyber security basics, and this is leaving businesses highly vulnerable.

Why is it that even well-run organisations seem unable to take the critical steps needed to protect themselves? In part it can be attributed to a failure to update ageing IT systems, rendering resilience to hacking, ransom and accidental data loss progressively weaker over time. Innovative IT systems installed 10 years ago are now archaic.

Furthermore, the different ways in which organisations operate, often using a mixture of new and old (sometimes incompatible) hardware alongside complex and frequently poorly updated, unpatched software, render many operations more vulnerable. These weaknesses are made worse by the trend to hybrid and remote work and BYOD policies.

In the last year, 39% of UK businesses reported cyber attacks, of which phishing attempts were the most common (83%). This figure has decreased slightly from 46% in 2020, although one in every 3,226 emails an executive receives is a targeted phishing attempt, also known as a whaling attack.

With only a quarter (26%) of small business professionals considering cyber security to be a top priority, there is real scope for improvement if organisations are to limit the threat that fraud and other online crimes present to their operations. For many, the world of cyber security is a confusing one and it can be hard to know where to start. So what threats do companies face, and what can they do to maintain a secure and thriving ecosystem?

Complacency is the biggest threat to a business’s safety. Just 54% of UK businesses acted to identify cybersecurity risks in the last year and IT teams are often delayed in their response to fixing misconfigured technology and protective tools, leaving their companies open to attacks.

The problem is that most businesses are more focused on their profitability than security, with little consideration for the potential cost of an attack. Employees often use weak or repetitive passwords, or specific teams may employ processes that diverge from their company’s safety regulations. These transgressions can have a huge impact on the entire business; cybersecurity breaches can often cost medium to large UK companies over £8,000, and this does not take account of the impact on reputation.

The introduction of cloud-based networks has also weakened businesses’ security by globalising the cyber security landscape.

Furthermore, the post-pandemic shift to flexible working means companies can no longer implement overarching regulations, as these may inadvertently hinder employees being able to work effectively. In this new era, security measures need to open up access to remote workers while also empowering the identification and limitation of threats. On top of this, people are more aware of sites tracking them than ever before and there’s a common belief VPNs will keep personal information secure, making these tools increasingly popular despite tests highlighting concerns over security and privacy practices. 

Many companies use VPNs to give their employees access to their system server; however, malicious actors can use VPNs to protect their identities, causing confusion when considering whether a VPN user is legitimate or not.

Training and Education

Implementing effective cyber security measures doesn’t need to be expensive, and introducing simple yet powerful training sessions to educate employees is an easy way to increase awareness, improve security and drive change. Training management and staff on the changing phishing attempts and the importance of strong, regularly updated passwords, as well as on how password managers can really help, is a very good first step.

Any organisation's employees can prove to be the weakest link, and junior employees are often deliberately targeted by hackers as they can provide an easy route into a business’s databases due to limited security knowledge.

As Internet use is essential for modern businesses, everyone is at risk of cyber attacks - but this needn’t cause anxiety if each individual is taking steps to prevent them. Business leaders need to apply the same logic, as insurance only covers so much, especially if the organisation's leaders have failed to properly assess its risk profile.

Companies must at least ensure they’re taking basic precautions, such as keeping databases secure.

Hackers usually access company networks via mobile phones, laptops or phishing emails, and considering more and more employees are using private devices for business purposes, companies need to deploy security tools that also cover these personal devices. While greater employee education is paramount, it’s not enough on its own to provide sufficient cyber security.

Implementing robust technological solutions will add an extra layer of defence, like CCTV cameras outside your home. This is where IP address data is crucial; it carries rich geolocation information and can provide details on whether an IP address, essentially like a post-code for an internet login, is proxied or masked, and whether it relates to a home address or a business. By partnering with technology providers who have access to these insights, businesses can identify in real time how and where a device is connecting to the Internet to spot, and block, cyber-attacks.

Businesses should also incorporate data from virtual private networks (VPNs) and proxy servers to build a more accurate view of who is accessing their network. 

Opportunistic hackers often take advantage of the IP-address-disguising capabilities of proxies and VPNs, so sophisticated technology can help companies examine data from these sources to weed out malicious players. 
Businesses can even automate this process by integrating the data into their front-end online security processes, while proxy data can activate fraud alerts. It’s important to ensure the data used is of the highest quality. By working with providers that regularly update their proxy and VPN data, and guarantee it comes from reliable sources, companies can ensure their security systems are operating on accurate information.
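The IP-data check described above can be sketched as follows. This is an added example, not code from the article's sources or from any vendor: it enriches a login with a constructed IP-intelligence feed, separates the company's own VPN from anonymising VPNs and proxies, and flags feed entries that are out of date. The feed contents, the `CORPORATE_VPN` range, the 90-day freshness limit and the function names are all assumptions.

```python
import ipaddress
from datetime import date

# Constructed IP-intelligence feed: documentation address ranges, invented labels.
FEED = [
    {"cidr": "198.51.100.0/24", "kind": "residential", "country": "GB", "updated": "2024-05-01"},
    {"cidr": "198.51.100.128/25", "kind": "vpn", "country": "NL", "updated": "2024-05-20"},
    {"cidr": "203.0.113.0/24", "kind": "proxy", "country": "GB", "updated": "2023-01-10"},
    {"cidr": "192.0.2.0/24", "kind": "business", "country": "GB", "updated": "2024-05-18"},
]
CORPORATE_VPN = ["198.51.100.200/29"]  # assumed: the company's own VPN egress range
MAX_AGE_DAYS = 90                      # assumed freshness limit for a feed entry


def lookup(ip, feed=FEED):
    """Return the most specific feed entry covering ip, or None if uncovered."""
    addr = ipaddress.ip_address(ip)
    hits = [e for e in feed if addr in ipaddress.ip_network(e["cidr"])]
    return max(hits, key=lambda e: ipaddress.ip_network(e["cidr"]).prefixlen, default=None)


def assess_login(ip, usual_countries, today):
    """Return (decision, reasons); decision is allow, step_up or alert."""
    entry = lookup(ip)
    if entry is None:
        return "step_up", ["no intelligence for this address"]
    addr = ipaddress.ip_address(ip)
    corporate = any(addr in ipaddress.ip_network(n) for n in CORPORATE_VPN)
    masked = entry["kind"] in ("vpn", "proxy") and not corporate
    abroad = entry["country"] not in usual_countries and not corporate
    reasons = []
    if masked:
        reasons.append(f"{entry['kind']} address")
    if abroad:
        reasons.append(f"unusual country {entry['country']}")
    age = (today - date.fromisoformat(entry["updated"])).days
    if age > MAX_AGE_DAYS:
        reasons.append(f"feed entry {age} days old")
    if masked and abroad:
        return "alert", reasons
    return ("step_up" if reasons else "allow"), reasons


if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed so the constructed sample is reproducible
    for ip in ["198.51.100.10", "198.51.100.140", "198.51.100.201", "203.0.113.7", "10.1.2.3"]:
        print(ip, *assess_login(ip, {"GB"}, today))
```

A stale entry only raises the decision to a step-up challenge rather than an alert, because an old proxy or VPN label may no longer describe the address.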

When it comes to cyber security, learning from past mistakes is crucial, and these are fundamental areas for an organisation to monitor continually.

Change

Organisations face a constantly changing array of pressures from multiple sources. Competitive threats, new regulations, financial uncertainty, technological shifts, and business risk all force managers to maintain a state of perpetual vigilance. Globalisation and technological advancements have enabled new business models and competitors to spring up overnight. The ability of businesses to respond effectively to these pressures can be in itself a source of sustainable competitive advantage.

Compliance

Corporate governance, risk management, and compliance with policies and regulations are in sharp focus for most organisations. It’s not enough to express intent to follow regulations and policies; organisations must measure and transparently report on how completely they are being followed. Efforts to ensure consistent experiences for customers and to wring efficiencies from standardisation are often competing with individual workers whose sense of privilege or creativity conflicts with the corporate standard. Getting it wrong in this area can have devastating consequences on the viability and competitiveness of any firm. The survival of every organisation hinges on its ability to deliver value for its customers.

Continuity 

Organisations routinely spend hundreds of thousands of dollars on hot-standby computers, back-up power sources, and disaster recovery locations to create resiliency in their physical security platforms. These measures are not only expensive; they are often reliant on internal computer networks that are likely to be severely challenged by any form of massive disaster. If employees cannot get to the machines that operate the security platform, all the redundant measures will be devalued.

Coverage

Organisations often find that the best way to accelerate profitable growth is through geographic expansion. Expansion comes with significant challenges, risks, and expenses. Management teams will be extended a bit further, as will scarce company resources. Solutions that provide good results in one location or at a small campus can become troublesome when multiplied for many geographically dispersed sites. Typically, these latter types of installations expose the vulnerabilities, complexities, and hidden expenses of traditional client/server solutions. 
Security as a Service solutions provide clear benefits for organisations with geographically dispersed sites. The low initial costs and wide scalability of SaaS solutions give organisations access to world-class technologies with an economic model that promotes expansion instead of restricting it.

Securely using the public Internet as a communication channel can greatly simplify the deployment of remote sites for IT departments.

The centrally hosted SaaS model provides all the central oversight and management needed in well-run organisations without requiring costly investments in dedicated infrastructure. Given the number of people who are still acting negligently with regard to their own cyber security, perhaps it’s not yet been considered in the risk analysis for insurers.

By identifying areas of weakness and the valuable assets that are most in need of protection, businesses can tighten their security and protect themselves against bad actors. 

Educating employees to eliminate basic errors will empower them to lock criminals out, while partnering with the right technology and IP address data providers double-bolts the door against hackers, making the identification of security breaches quicker, easier, and more effective. The best way to get peace is by taking an active approach and doing something about it.

By implementing a cyber security risk management plan, you will be able to limit the damage caused by a potential cyber attack.

Business Leader: Brivo: CIO: David Mytton: Rail Monitor: Christopher Hodson
