Reducing Exposure To Cyber Attack

The Internet is a hostile environment where threat of attack is ever present as new vulnerabilities are released and commodity tools are produced to exploit them.  Doing nothing is no longer an option.  Protect your organisation and your reputation by establishing some basic cyber defences to ensure that your name is not added to the growing list of victims. 
 
Cyber-crime has become more organised and sophisticated than ever before, making it critical for every organisation to communicate risks like phishing effectively across the business. There are effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber attack on systems that are exposed to the Internet. 
 
The Following Controls Are Important:

Cyber security is finally getting the attention it deserves in the boardroom. As the number of high-profile data breaches continues to rise, there’s been a greater emphasis on managing cyber risk to reduce the chance of an attack. Furthermore, while cyber security is everyone’s responsibility, resilient organisations require positive  leadership.

If the CEO visibly takes  cyber security seriouslyt hen this will permeate throughout the organisation and help create a culture of enhanced cyber security awareness.

  • Boundary firewalls and Internet gateways - establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
  • Malware protection - establish and maintain malware defences to detect and respond to known attack code
  • Patch management - patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
  • Whitelisting and execution control - prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
  • Secure configuration - restrict the functionality of every device, operating system and application to the minimum needed for business to function
  • Password policy - ensure that an appropriate password policy is in place and followed
  • User access control - include limiting normal users’ execution permissions and enforcing the principle of least privilege
If your organisation is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls set out in the 10 Steps to Cyber Security recommended by the British National Cyber Security Centre:
  • Security monitoring - to identify any unexpected or suspicious activity
  • User training education and awareness - staff should understand their role in keeping your organisation secure and report any unusual activity. We strongly recommend GoCyber as powerful training tool to transform user behaviour. 
  • Security incident management - put plans in place to deal with an attack as an effective response will reduce the impact on your business

Home, mobile working and remote system access offers great benefits, but produces new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. 

Strengthening your organisations cyber security is about reducing the attack surface and then reducing insider errors, making it much harder for criminals to break in. Train your users on the secure use of their mobile and other devices in any the environments they are likely to be working in.
 
 NCSC:         NCSC:      Meta Compliance

If you would like more specific information about how you can improve your cyber home and business security, please contact Cyber Security Intelligence for recommendations on the right solutions for your business. 
 
You Might Also Read: 
 
Easing Out Of Lockdown: Why Should Cyber Security Remain High On The Agenda?:
 
« European Union Sanctions Cyber Attackers
Secret Brexit Documents Hacked By Russians »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

QTS

QTS

QTS Realty Trust, Inc. is a leading provider of secure, compliant data center, hybrid cloud and managed services.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

Secure Recruiting International (SRI)

Secure Recruiting International (SRI)

SRI is an industry leader in Information Security , Networking, Wireless and Storage recruitment.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

Shadowserver Foundation

Shadowserver Foundation

Shadowserver Foundation aims to improve internet security by raising awareness of compromised servers, malicious attackers and the spread of malware.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

IQ4 - Cybersecurity Workforce Alliance (CWA)

IQ4 - Cybersecurity Workforce Alliance (CWA)

Cybersecurity Workforce Alliance, a division of iQ4, is an organization comprised of a diverse range of professionals dedicated to the development of the cybersecurity workforce.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.