Reducing Exposure To Cyber Attack

The Internet is a hostile environment where threat of attack is ever present as new vulnerabilities are released and commodity tools are produced to exploit them.  Doing nothing is no longer an option.  Protect your organisation and your reputation by establishing some basic cyber defences to ensure that your name is not added to the growing list of victims. 
 
Cyber-crime has become more organised and sophisticated than ever before, making it critical for every organisation to communicate risks like phishing effectively across the business. There are effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber attack on systems that are exposed to the Internet. 
 
The Following Controls Are Important:

Cyber security is finally getting the attention it deserves in the boardroom. As the number of high-profile data breaches continues to rise, there’s been a greater emphasis on managing cyber risk to reduce the chance of an attack. Furthermore, while cyber security is everyone’s responsibility, resilient organisations require positive  leadership.

If the CEO visibly takes  cyber security seriouslyt hen this will permeate throughout the organisation and help create a culture of enhanced cyber security awareness.

  • Boundary firewalls and Internet gateways - establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
  • Malware protection - establish and maintain malware defences to detect and respond to known attack code
  • Patch management - patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
  • Whitelisting and execution control - prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
  • Secure configuration - restrict the functionality of every device, operating system and application to the minimum needed for business to function
  • Password policy - ensure that an appropriate password policy is in place and followed
  • User access control - include limiting normal users’ execution permissions and enforcing the principle of least privilege
If your organisation is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls set out in the 10 Steps to Cyber Security recommended by the British National Cyber Security Centre:
  • Security monitoring - to identify any unexpected or suspicious activity
  • User training education and awareness - staff should understand their role in keeping your organisation secure and report any unusual activity. We strongly recommend GoCyber as powerful training tool to transform user behaviour. 
  • Security incident management - put plans in place to deal with an attack as an effective response will reduce the impact on your business

Home, mobile working and remote system access offers great benefits, but produces new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. 

Strengthening your organisations cyber security is about reducing the attack surface and then reducing insider errors, making it much harder for criminals to break in. Train your users on the secure use of their mobile and other devices in any the environments they are likely to be working in.
 
 NCSC:         NCSC:      Meta Compliance

If you would like more specific information about how you can improve your cyber home and business security, please contact Cyber Security Intelligence for recommendations on the right solutions for your business. 
 
You Might Also Read: 
 
Easing Out Of Lockdown: Why Should Cyber Security Remain High On The Agenda?:
 
« European Union Sanctions Cyber Attackers
Secret Brexit Documents Hacked By Russians »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

AllegisCyber Capital

AllegisCyber Capital

AllegisCyber is an investment company with a focus on seed and early stage investing in cybersecurity and its applications in emerging technology markets.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

Scantist

Scantist

Scantist is a cyber-security spin-off from Nanyang Technological University (Singapore) which leverages its expertise to provide vulnerability management solutions to enterprise clients.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

Albania Lab

Albania Lab

Albania Lab is a consulting company focused on the development and delivery of digital solutions and IT services including cybersecurity.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

Kintek Group

Kintek Group

Kintek Group provides cybersecurity and managed services to protect organizations from threats that exist inside and outside their networks.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

Mobilen Communications

Mobilen Communications

Mobilen are dedicated to providing our customers with the highest level of secure data in transit and to bring privacy back to a mobile world.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.