How Companies Can Minimise Cyber Attack Damage

Uploaded on 2018-11-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The recent wave of ransomware attacks and preceding waves of cyber breaches could make it appear as though cyber criminals want their pay-off immediately. 

However, cyber criminals often exploit security breaches over the course of months and even years, in covert attacks that can do far more damage to an organisation. SME’s are especially vulnerable to attacks and the scope of damage, but so are large businesses. A lone hacker that took down British Airway’s website for one hour caused a £100,000 loss. 

Another issue is that businesses must now report breaches of their customers’ personally identifiable information security with the General Data Protection Regulation (GDPR).

This means that security breaches must be reported to the authorities within 72 hours of detection if personally identifiable data is at risk. Fines are imposed for a failure to do so, and identifying breaches is often incredibly challenging. 

Benjamin Hosack, Chief Commercial Officer of cyber security firm Foregenix, outlines steps organisations should take in order to minimise the chance to being hacked, improve the ability to identify hacks early and substantially reduce possible damage:

1. Install updates – Research based on 80,000 European websites found that 80% are vulnerable to cyber-attacks and the main reason is a simple failure to install the latest updates. So, patch or update all software.

2. Use threat detection services – Specialist cyber security firms provide high–end Managed Detection and Response Services to cyber threats. As most organisations struggle to detect the threats in the first place, this type of service is vital.

3. Use a honeypot – Honeypots are decoys that appear to be legitimate components of an organisation’s network, containing valuable data. As soon as a honeypot has attracted the attention of the cyber-criminal, a warning is triggered. Combining a honeypot with other security controls provides an additional layer of security.

4. Train your employees – The biggest cyber security weakness in an organisation is the people. Training team and non-technical staff is key. Workers must be informed about the latest cyber threats security. Awareness of threats and how the business might be attacked is important in order to be able to raise the alarm.

5. Monitor security alerts daily – Attack traffic usually has a very specific pattern and hacked business systems can be detected quickly if security alerts are being monitored across the business.

6. Learn from the past to predict future attacks – Cyber criminals certainly do like to strike in the same place twice, and often by the same methods. Pre-emptive action and monitoring based on past attacks can lead to quick identification of a security breach. 

iHLS:                Image: Nick Youngson

You Might Also Read:

The BA Hack And How Not To Respond To A Cyber Attack

« Don't Underestimate The Impact Of Phishing
Russian Internet Research Agency Has A New Propaganda Campaign »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

AppViewX

AppViewX

AppViewX is a global leader in the management, automation and orchestration of network services in data centers.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

1Password

1Password

1Password combines industry-leading security with award-winning design to bring private, secure, and user-friendly password management to everyone.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Harbottle & Lewis

Harbottle & Lewis

Harbottle & Lewis is a leading UK-based law firm focused on the Private Client and Technology, Media and Entertainment sectors.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Edge Security

Edge Security

Edge Security is an information security research and consulting firm of expert hackers.

SektorCERT

SektorCERT

SektorCERT is the cybersecurity center for the critical infrastructure sectors in Denmark. We help detect and handle when critical infrastructure is exposed to cyber attacks.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.