Proactivity Is Key To Effective Cybersecurity

All organisations should assume they will experience some sort of cyber security incident sooner or later, probably sooner, adds Nadia Veeran-Patel, Manager: Cyber Resilience, ContinuitySA a leader in S African IT security.
 
“Plan for the worst and, most important of all, know what to do when an incident occurs. Understanding that a successful attack will be launched is the basis of a proactive approach to information security and risk management,” she advises.
The statistics say it all. The SiteLock 2019 Website Security Report indicates that, while hacks have become harder to detect, the number increased by 59% in 2018. 
 
The Report makes it clear that small businesses are as much targets as larger corporates, virtually all businesses have Web sites nowadays, and 17.6 million Web sites have malware at any given time.
 
The numbers of people affected by site hacks are mind-boggling, just one example is that 147.9 million consumers were affected by the Equifax breach in 2017. Seventy percent of organisations say they believe their security risk increased significantly in 2017. However, says Veeran-Patel, it’s critical to look at cyber security holistically. “After all, while plenty of attacks do indeed arrive via the Internet, they can also show up at the front desk with a USB drive, or peer over your shoulder in a busy coffee shop,” she notes. 
 
“Organisations need to conduct a proper risk assessment and then develop a roadmap matched to their cyber security strategy, you need to know where you are going and how to get there. It’s also important to get guidance on the tools necessary to address any gaps and minimise the risks identified.”
 
Once an attack has happened, it’s important to take the time to evaluate the short, medium and long-term impacts. These will vary, but one basic business resilience measure that will reduce the impact of threats is reliable, consistent and easily accessible backups. 
 
In summary, Veeran-Patel says the following best practices should be followed:
 
• Plan for the worst and ensure you identify your risks and mitigation strategies upfront.
• Make sure you have a reliable backup process in place, with a clear understanding of what your information assets are, how often they should be backed up and how quickly each one needs to be recovered. These decisions need to be made by the business in conjunction with the IT department, never just the latter.
• Identify owners of information assets across the business and ensure they are part of the risk management process.
 
One final point is that cyber security is ultimately a function of corporate culture. Everybody in the organisation needs to understand the risks and the role they can play in making the organisation secure. 
 
ITWeb:              Image: US Homeland Security
 
For Cyber Training for your organisation, for a sensible training time and cost, Contact  Cyber Security Intelligence 
 
You Might Also Read: 
 
Cyber Essentials For Board Directors:
 
 
 
« Maritime Shipping Is Badly Exposed
Easy Cyber Knowledge Chapter 3 - Social Media & Social Change »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

Happiest Minds Technologies

Happiest Minds Technologies

Happiest Minds offers domain centric solutions in IT Services, Product Engineering, Infrastructure Management and Security.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

StrongKey

StrongKey

StrongKey (formerly StrongAuth) is a leader in Enterprise Key Management Infrastructure, bringing new levels of capability and data security at a price point significantly lower than other solutions.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

Tenfold Software

Tenfold Software

Tenfold is the unique, centralized platform for managing user and permissions efficiently and automatically.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

NVISIONx

NVISIONx

NVISIONx data risk governance platform enables companies to gain control of their enterprise data to reduce data risks, compliance scopes and storage costs.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

DigitalXForce

DigitalXForce

DigitalXForce is the Digital Trust Platform for the New Era – SaaS based solution that provides Automated, Continuous, Real Time Security & Privacy Risk Management.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.