What Is A Good Cyber Strategy?

Uploaded on 2017-08-23 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Consulting

Cybersecurity has never been as important as it is today. Cyber-attacks are becoming ever more ambitious and overt.

The two big recent malware attacks, Petya and WannaCry both used phishing attacks to spread malware through networks, with Petya in particular, engaging sophisticated, multi-pronged methods which renders the user's computer inoperable, but also provides the hackers with full access to the usernames and passwords stolen from the computer.

The Cyber Security Breaches Survey 2017, published by the Department for Culture, Media and Sport and undertaken by Ipsos Mori stated some frightening figures about the preparedness of businesses to deal with these sustained and frequent attacks.

Whilst 74% of the 1500+ businesses surveyed said that cyber security is a very high priority for their senior management, and 67% have spent money on cyber security in some shape or form in the past year, only 33% have a formal policy that covers cyber-security risks. In addition, only 11% have a cyber security incident management plan in place.

The firms need to take a systematic approach to cybersecurity, covering three main elements. These are policy and procedures, technology, and education and training.

Firstly, firms need documented policies and procedures in place to safeguard business data, systems and networks and to meet regulatory compliance mandates.
The cyber incident response plan identifies the key systems, processes and personnel involved, and documents how the firm will go about preparing for an incident, detecting one, most importantly containing an incident, recovering from it and how the firm will undertake post-incident analysis.

The business continuity plan outlines the critical business processes and IT systems, and the recovery procedures and timescales.

Finally, the cyber-security framework details the user training the firm will undertake, the physical security measures they will put in place, how internal audits will happen, how risks will be identified and classified and how the supply chain will be de-risked.

The next step, getting the technology right, the hardware, software and systems, that protect every layer of data, is also more complex than it seems.
A robust cyber-security strategy should be multi-layered, and include email, mobile devices and other endpoints, web traffic and the network. Firms should also take into account data governance, and data should be encrypted, the physical environment should be secure, access should be managed closely, and firms should run regular penetration testing and vulnerability scanning across the technology estate.

The final component to the framework is to educate employees about cybersecurity, and provide effective training to help them identify malicious behaviour and to act accordingly to avoid or mitigate the risks.

One way of doing this is by regularly and without warning, testing users with simulated email, voice and SMS phishing attacks, personalised landing pages, attachments and spoof domains in order to highlight risks and employee weaknesses.

When employees fall victim to these attacks they can be given immediate feedback and a refresher on spotting the red flags.
 
With the threat of attack becoming increasingly more prevalent, it's not enough to do one of the components without the others. Precisely why a thorough and systematic approach is needed.

Hedgeweek:

You Might Also Read:

Cybersecurity Is Too Important To Leave To IT:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

Cyber Security Checklist For Management (£):

 

 

« You Might Need To Hire AI Expertise Sooner Than You Think
What is Machine Learning? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

Techfusion

Techfusion

Techfusion is a cyber security research and consulting firm focusing on digital forensics and data recovery.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

SecZone

SecZone

SecZone is a Chinese enterprise with a mission to "Make It Secure." We are dedicated to driving software security innovation globally.

Backblaze

Backblaze

The Backblaze Storage Cloud provides a foundation for businesses, developers, IT professionals, and individuals to build applications, host content, manage media, back up and archive data, and more.

Runecast Solutions

Runecast Solutions

Runecast Solutions is a global leader in AI-powered risk mitigation, security, continuous compliance and more efficient IT operations management.