How Companies Can Minimise Cyber Attack Damage

Uploaded on 2018-11-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The recent wave of ransomware attacks and preceding waves of cyber breaches could make it appear as though cyber criminals want their pay-off immediately. 

However, cyber criminals often exploit security breaches over the course of months and even years, in covert attacks that can do far more damage to an organisation. SME’s are especially vulnerable to attacks and the scope of damage, but so are large businesses. A lone hacker that took down British Airway’s website for one hour caused a £100,000 loss. 

Another issue is that businesses must now report breaches of their customers’ personally identifiable information security with the General Data Protection Regulation (GDPR).

This means that security breaches must be reported to the authorities within 72 hours of detection if personally identifiable data is at risk. Fines are imposed for a failure to do so, and identifying breaches is often incredibly challenging. 

Benjamin Hosack, Chief Commercial Officer of cyber security firm Foregenix, outlines steps organisations should take in order to minimise the chance to being hacked, improve the ability to identify hacks early and substantially reduce possible damage:

1. Install updates – Research based on 80,000 European websites found that 80% are vulnerable to cyber-attacks and the main reason is a simple failure to install the latest updates. So, patch or update all software.

2. Use threat detection services – Specialist cyber security firms provide high–end Managed Detection and Response Services to cyber threats. As most organisations struggle to detect the threats in the first place, this type of service is vital.

3. Use a honeypot – Honeypots are decoys that appear to be legitimate components of an organisation’s network, containing valuable data. As soon as a honeypot has attracted the attention of the cyber-criminal, a warning is triggered. Combining a honeypot with other security controls provides an additional layer of security.

4. Train your employees – The biggest cyber security weakness in an organisation is the people. Training team and non-technical staff is key. Workers must be informed about the latest cyber threats security. Awareness of threats and how the business might be attacked is important in order to be able to raise the alarm.

5. Monitor security alerts daily – Attack traffic usually has a very specific pattern and hacked business systems can be detected quickly if security alerts are being monitored across the business.

6. Learn from the past to predict future attacks – Cyber criminals certainly do like to strike in the same place twice, and often by the same methods. Pre-emptive action and monitoring based on past attacks can lead to quick identification of a security breach. 

iHLS:                Image: Nick Youngson

You Might Also Read:

The BA Hack And How Not To Respond To A Cyber Attack

« Don't Underestimate The Impact Of Phishing
Russian Internet Research Agency Has A New Propaganda Campaign »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

Cynterra

Cynterra

Cynterra is a next generation cloud cyber security and data analytical service provider offering cloud security compliance, data protection, visibility and threat protection services.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Consulting Services to help you secure your mission-critical systems.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

DataCloak

DataCloak

DataCloak is an innovation company that focus on providing enterprise data-in-motion security solutions based on zero-trust security technology.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

GRSi

GRSi

GRSi deliver next-generation systems engineering, cybersecurity, technology insertion and best practices-based Enterprise Operations (EOps) management.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

Security Risk Management (SRM)

Security Risk Management (SRM)

SRM provide a comprehensive security risk management service encompassing people, processes, technology, governance, compliance and risk management.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

Synagex

Synagex

Synagex Modern IT is a simple IT and cybersecurity solution for businesses.

Alcatel-Lucent Enterprise (ALE)

Alcatel-Lucent Enterprise (ALE)

We are Alcatel-Lucent Enterprise. Our mission is to make everything connect with digital age networking, communications and cloud solutions.