What Is A Good Cyber Strategy?

Uploaded on 2017-08-23 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Consulting

Cybersecurity has never been as important as it is today. Cyber-attacks are becoming ever more ambitious and overt.

The two big recent malware attacks, Petya and WannaCry both used phishing attacks to spread malware through networks, with Petya in particular, engaging sophisticated, multi-pronged methods which renders the user's computer inoperable, but also provides the hackers with full access to the usernames and passwords stolen from the computer.

The Cyber Security Breaches Survey 2017, published by the Department for Culture, Media and Sport and undertaken by Ipsos Mori stated some frightening figures about the preparedness of businesses to deal with these sustained and frequent attacks.

Whilst 74% of the 1500+ businesses surveyed said that cyber security is a very high priority for their senior management, and 67% have spent money on cyber security in some shape or form in the past year, only 33% have a formal policy that covers cyber-security risks. In addition, only 11% have a cyber security incident management plan in place.

The firms need to take a systematic approach to cybersecurity, covering three main elements. These are policy and procedures, technology, and education and training.

Firstly, firms need documented policies and procedures in place to safeguard business data, systems and networks and to meet regulatory compliance mandates.
The cyber incident response plan identifies the key systems, processes and personnel involved, and documents how the firm will go about preparing for an incident, detecting one, most importantly containing an incident, recovering from it and how the firm will undertake post-incident analysis.

The business continuity plan outlines the critical business processes and IT systems, and the recovery procedures and timescales.

Finally, the cyber-security framework details the user training the firm will undertake, the physical security measures they will put in place, how internal audits will happen, how risks will be identified and classified and how the supply chain will be de-risked.

The next step, getting the technology right, the hardware, software and systems, that protect every layer of data, is also more complex than it seems.
A robust cyber-security strategy should be multi-layered, and include email, mobile devices and other endpoints, web traffic and the network. Firms should also take into account data governance, and data should be encrypted, the physical environment should be secure, access should be managed closely, and firms should run regular penetration testing and vulnerability scanning across the technology estate.

The final component to the framework is to educate employees about cybersecurity, and provide effective training to help them identify malicious behaviour and to act accordingly to avoid or mitigate the risks.

One way of doing this is by regularly and without warning, testing users with simulated email, voice and SMS phishing attacks, personalised landing pages, attachments and spoof domains in order to highlight risks and employee weaknesses.

When employees fall victim to these attacks they can be given immediate feedback and a refresher on spotting the red flags.
 
With the threat of attack becoming increasingly more prevalent, it's not enough to do one of the components without the others. Precisely why a thorough and systematic approach is needed.

Hedgeweek:

You Might Also Read:

Cybersecurity Is Too Important To Leave To IT:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

Cyber Security Checklist For Management (£):

 

 

« You Might Need To Hire AI Expertise Sooner Than You Think
What is Machine Learning? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

AppViewX

AppViewX

AppViewX is a global leader in the management, automation and orchestration of network services in data centers.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

NTIC Cyber Center - USA

NTIC Cyber Center - USA

NTIC Cyber Center is an organization dedicated to making the National Capital Region (Washington DC) more resilient to cyber-attacks.

Fortalice

Fortalice

Fortalice provide customizable consulting services built on proven methodology to strengthen your business cyber security defenses.

Vulcan Cyber

Vulcan Cyber

At Vulcan, we’re modernizing the way enterprises reduce their cyber risk. From detection to resolution, we automate and orchestrate the vulnerability remediation process dynamically and at scale.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.

Softsource vBridge

Softsource vBridge

Softsource vBridge are an ICT systems integrator providing specialist technology solutions, professional services, technical expertise and data centre services.

Gibbs Consulting

Gibbs Consulting

Gibbs Consulting provides innovative, flexible, on-demand IT Services and IT Consulting that delivers value and successful outcomes for our clients.

aiComply

aiComply

aiComply's AI-driven platform offers automated intelligence for an efficient cybersecurity compliance workflow, eliminating onerous manual and time-consuming paperwork.

Cure53

Cure53

Cure53 offers classic black-box penetration tests (zero-knowledge) as well as white-box tests and code audits.

Elixirr

Elixirr

Elixirr is an award-winning global consulting firm working with clients across a diverse range of markets, industries and geographies.