How To Improve Cyber Security Visibility & Control

Uploaded on 2022-03-17 in TECHNOLOGY--Resilience, FREE TO VIEW

With an increasing number of high-profile security breaches splashed across the media, companies are now looking to improve their cyber security.

As the world has become more digitally connected and working from home continues to be part of the way we work, there has become more opportunity for attack.  
 
What Are The Threats? 
 
Ransomware has become increasingly sophisticated, and the number of phishing emails has risen exponentially. This has left many businesses vulnerable. The Government’s Cyber Security Breaches Survey found that four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the year March 2020-21, and phishing remains the most common threat vector. 
 
The cost of these attacks is serious too. Around 21% of businesses end up losing money, data or other assets. A third of companies’ report being negatively impacted; for example, they require new post-breach measures, have staff time diverted or suffer broader business disruption.  

How Have Hybrid Working Models Increased Cyber Risks?    

Working from home and other out of office venues is leaving corporate networks vulnerable as the protection you would normally have behind the perimeter in the office is not in place on home and external networks. To further complicate the situation, users work from several locations with multiple devices and apps. 
 
Company devices that had never moved beyond the organisation’s walls and were kept safely behind firewalls, IDS, DMZs and set up with security solutions that kept cybercriminals from attacking them, are now outside those protected networks. These remote devices are vulnerable to cyber-attacks if existing on-site security solutions are no longer fully effective. 
So, what are the key things that businesses should focus on to improve visibility and control? Here are my five top tips: 
 
1.     Make your employees your first line of defence:   Keeping security front of mind while employees are out of the office is an essential step in protecting your organisation. Strong cybersecurity awareness training is critical to prepare an employee to be the first line of defence.  
 
With the lines of home and workspace blurred in a hybrid working world, phishing attacks, unfortunately, are here to stay. Therefore, reducing user risk by helping to identify email scams and malware should become part of bolstering an employee’s security awareness. Organisations can ‘test’ levels of awareness by conducting a custom phishing campaign to see how easily employees can spot a phishing email and how they respond. This can then be measured over time. 
 
Educating about password security and safe Internet habits should also be a vital part of staff training. 
 
2.     Protect the endpoint:   Where endpoints are concerned, it’s wise to take a proactive approach to limit what activities can be carried out on the device. Privileged access security is critical to protect access to data, applications and systems. This allows the organisation to keep control of its most valuable data. Each online identity can be set with special access, or specific capabilities and access can be reduced where necessary.  
 
With the high number of endpoints connected to the network, these become easy targets for cybercriminals. Endpoint Detection and Response (EDR) solutions can be deployed that involve continuous real-time monitoring of malicious activity. The solution can disconnect endpoints and shadow IT to respond to threats by utilising rules-based automated response and analysis capabilities. 
 
3.     Using best of breed detection and response services:   Managed Detection and Response (MDR) is a combination of both technology and human expertise to provide security monitoring across an organisation’s entire IT environment. These services can rapidly respond to and eliminate threats. Taking it a step further, Extended Detection and Response (XDR) provides threat detection and incident response by collecting data across multiple security layers. For example, across email, endpoints, cloud workloads, servers and networks to provide a holistic view that allows for faster detection of threats and response times.   
 
4.     Secure your organisation in the cloud:   Business needs are driving more organisations to the cloud than ever before. Cloud technology improves productivity, efficiency and cost savings and offers greater flexibility. But there are particular security implications to watch out for. The public cloud can limit your access control and authentication, so it’s wise to implement Multi-Factor Authentication (MFA), manage user access and integrate compliance into daily procedures.  
 
Next-Generation Antivirus (NGAV) takes traditional antivirus software to a new, advanced level of endpoint security protection. It’s a cloud-based response to detect and prevent malware, identify malicious activity by unknown sources, collect comprehensive data from all endpoint devices to understand better what is going on in the IT environment. It uses predictive analytics driven by machine learning and artificial intelligence and combines with threat intelligence which goes beyond known file-based malware signatures.  
 
5.     Prevention is best:   Today’s attackers know precisely where to find gaps and weaknesses in an organisation’s security posture. Companies, therefore, need to take actions into their own hands to become better protected. And thankfully, there are many ways in which this can be achieved. 

Reducing your organisation’s risk of a cyber attack is the best stance - both from a cost and reputation perspective. Re-evaluate your cyber security strategy, have the right tools and services in place and integrate with effective employee education and testing.  

Leyton Jefferies is  Head of Security Services at CSI Ltd    

You Might Also Read: 

Protect Your Organisation - Know Your Enemy:

 

« Trends In Application Connectivity & Network Management
Convergence & Digitalisation Create Problems For Energy Utilities »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

Agesic

Agesic

Agesic is an institution that leads the development of the Digital Government and the Information and Knowledge Society in Uruguay.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

1Kosmos

1Kosmos

1Kosmos provide Digital Identity and Passwordless Authentication for workforce and customers. Powered by advanced biometrics and blockchain technology.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

KATIM

KATIM

KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Northern Computer

Northern Computer

Northern Computer provides comprehensive IT solutions that streamline your operations and help you achieve your business goals.

Saidot

Saidot

Saidot is a Finnish AI governance and alignment company committed to helping businesses safely and transparently integrate AI into their operations.