Top Five Most Common Gaps In Businesses’ Cyber Security

Uploaded on 2021-05-06 in TECHNOLOGY--Resilience, FREE TO VIEW

The finding that two in five UK companies have faced cybersecurity attacks in the last twelve months, coupled with the growing availability of tools to simplify hacking, is making business leaders nervous. Operational cybersecurity vulnerabilities are common across the board. There is no escaping the threat, whether you’re in the financial, industrial, education, or power sectors, every industry is at risk.

Knowing where your systems are vulnerable is the first step to protecting them. To gain these insights, a comprehensive assessment and analysis is needed to reveal cybersecurity gaps. From our own analysis, we have found there are some gaps that crop up in almost every business.

Understanding The Enemy

Firstly, and possibly most obviously, cybersecurity starts with understanding the risks. Communicating current security risks to the entire workforce is a primary step in securing a business, and often the simplest gap to fill in a company’s protection.

For example, an increase in remote monitoring and third-party access has also led to a rise in cyber vulnerabilities. The IoT connected devices that have enabled so many businesses to quickly transition to homeworking bring challenges along with their benefits. These tools have essentially increased the ‘attack surface’ for hackers and, in many cases, have acted as an organisation’s Achilles heel.

In most cases, cybersecurity professionals have less than a week to ensure that remote systems were secured before making the shift to remote working, it’s fair to say that the preparation for remote-access related security threats is far from mature in most cases. However, companies must now be taking stock of the new technology they have implemented. Building an awareness of the current risks is the first step in mitigating them.

Holistic Protection

In many cases, people are the first and last lines of protection. So collaboration between teams, including higher management, is essential. However, a common gap in a business’ security is caused by a disconnect between teams, particularly between management and operations.

Embedding cybersecurity into your operations takes the whole enterprise – everyone, everywhere – to understand and accept their own responsibility for cybersecurity. In particular, this means bringing IT and OT together so they can help the entire organisation – not just an area, a function or individual team – be as secure as possible.

Establishing this “we” culture helps to connect the dots across the enterprise, fill gaps and maintain always-on vigilance. This change starts from the top. Employees and vendors, at any level of seniority, need to be aware of and compliant with security policies. This ‘all-in’ approach is what will garner more thorough and consistent commitment to the cybersecurity initiative throughout the organisation.

Understanding Your Assets

Many cyberattacks are successful because employees have caused unintended errors. It is important that staff are aware of, and vigilant against, cyberthreats. This doesn’t just mean blanket, company-wide training on how to spot a phishing email, but also establishing the specific threats associated with the assets under an employee’s care. These could include specific protocols around the use of passwords, policies around WiFi access or regular auditing of user accounts and permissions.

This gap has been especially prominent over the past year. During periods of heightened activity or business restructuring, as personnel move into a new work environment, businesses are even more vulnerable to threats and attacks. 

Before attempting any reorganisation, companies need to consider the types of data and technology they require the reallocated workforce to use. Assigning new or inexperienced workers to different roles requiring the use of unfamiliar technology is always a risk, which is amplified when malicious activity is on the rise. During a crisis, it’s a dangerous combination that could open the door to attacks. 

Preparation Is Key

When it comes to cyberattacks, you can never be too prepared. Implementing proactive, tested incident response and risk mitigation plans which are documented and tested, are an essential step in minimising risk and strengthening customer assurance. A security-aware environment should audit and enforce cybersecurity best practices on a consistent and effective basis, utilising available supervision and detection tools, so that exposure to threats is as limited as possible.

However, in terms of risk mitigation, companies tend to deal with what they perceive to be high-probability, disruptive events that are most likely to occur and can be planned for. However, this is only one part of the bigger picture.

Business Continuity Plans need to also consider events that can disrupt entire industries or, in extreme cases, the global market, such as natural disasters or financial crises and pandemics. While these events are low probability, when they do occur, they can change the assumptions made in all other risk planning – causing gaps in protection capabilities if not properly mitigated.

Limited Capabilities

When it comes to cybersecurity, many companies are very conservative – sometimes for good reason – but that needs to change. A collaborative approach that draws on the expertise, capabilities and visibility of all parties is the key to closing these gaps and achieving fully mature cybersecurity for a business.

Most business leaders do not, unsurprisingly, have the knowledge and experience to enact a cybersecure business strategy. That is why collaborating with skilled and certified professionals, who can provide vendor-agnostic services to help assess an individual business’ risk, implement cyber-specific solutions, and maintain those defences over time, is vital to ensuring no gaps in your armour are left unattended to.

Fully mature cybersecurity is not a destination, it’s a journey, and one that effects the entire organisation. Therefore, there is no quick fix that can be completed over night. It is an ongoing and accumulative process, but, if conducted correctly, it can be of significant benefit to a business, and not a burden.

About The Author: Victor Lough is Cyber Security & Advanced Digital Services Business Lead at Schneider Electric.

You Might Also Read: 

Managing Cyber Security As Office Work Resumes:

 

« Your Organisation Needs A Cyber Audit
Why You Should Never Use A Free Proxy »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

F5 Networks

F5 Networks

F5 products ensure that network applications are always secure and perform the way they should—anywhere, any time, and on any device.

Opengear

Opengear

Opengear ensures network resilience to enterprises by enabling business continuity with the Network Resilience Platform.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

CNA Insurance

CNA Insurance

CNA offers a market-leading suite of cyber liability insurance products and risk control resources for businesses of all sizes.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

Searchlight Cyber

Searchlight Cyber

Searchlight Cyber is a leading darknet intelligence company. Working with law enforcement, industry, and end users to help protect society against the threats of the darknet.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.