What Is A Good Cyber Strategy?

Cybersecurity has never been as important as it is today. Cyber-attacks are becoming ever more ambitious and overt.

The two big recent malware attacks, WannaCry and Petya (the variant later dubbed NotPetya), did not depend on phishing to move through networks: both propagated by exploiting a vulnerability in Windows SMB on unpatched machines. Petya in particular used several methods at once, encrypting the disk so that the computer is rendered inoperable while also stealing usernames and passwords from the infected machine's memory and reusing them to spread to other computers with legitimate credentials.

The Cyber Security Breaches Survey 2017, published by the Department for Culture, Media and Sport and undertaken by Ipsos Mori stated some frightening figures about the preparedness of businesses to deal with these sustained and frequent attacks.

Whilst 74% of the 1500+ businesses surveyed said that cyber security is a very high priority for their senior management, and 67% have spent money on cyber security in some shape or form in the past year, only 33% have a formal policy that covers cyber-security risks. In addition, only 11% have a cyber security incident management plan in place.

Firms need to take a systematic approach to cybersecurity covering three main elements: policy and procedures, technology, and education and training.

Firstly, firms need documented policies and procedures in place to safeguard business data, systems and networks and to meet regulatory compliance mandates.
The cyber incident response plan identifies the key systems, processes and personnel involved, and documents how the firm will prepare for an incident, detect it, contain it (the most important step), recover from it and carry out post-incident analysis.

The business continuity plan outlines the critical business processes and IT systems, and the recovery procedures and timescales.

Finally, the cyber-security framework details the user training the firm will undertake, the physical security measures they will put in place, how internal audits will happen, how risks will be identified and classified and how the supply chain will be de-risked.

The next step, getting the technology right (the hardware, software and systems that protect every layer of data), is also more complex than it seems.
A robust cyber-security strategy should be multi-layered, covering email, mobile devices and other endpoints, web traffic and the network. Firms should also take data governance into account: data should be encrypted, the physical environment secured, access managed closely, and regular penetration testing and vulnerability scanning run across the technology estate.

The final component to the framework is to educate employees about cybersecurity, and provide effective training to help them identify malicious behaviour and to act accordingly to avoid or mitigate the risks.

One way of doing this is to test users regularly and without warning with simulated email, voice and SMS phishing attacks, using personalised landing pages, attachments and spoof domains to highlight risks and employee weaknesses.

When employees fall victim to these attacks they can be given immediate feedback and a refresher on spotting the red flags.
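The spoof domains used in such simulations are built from the firm's real domain by the same tricks attackers use: swapping visually similar characters, dropping or doubling a letter, transposing two letters, changing the top-level domain, or burying the real domain inside a longer hostname. The script below, added here as an illustration and not code from the original article or any vendor it mentions, generates those lookalikes for a firm's domain and then classifies a batch of From: headers so that the "red flag" a user is meant to spot (the address domain, not the display name) can be shown concretely. The legitimate domain "examplefirm.com" and all sample headers are constructed for this example.

```python
"""
Spoof-domain generator and sender check for phishing-awareness training.

Added illustration, not code from the original article. The legitimate
domain and the sample From: headers below are constructed for the example.
"""
import re

# Constructed: the firm's real domain used as the basis for lookalikes.
LEGIT_DOMAINS = {"examplefirm.com"}

# Visually similar substitutions commonly seen in spoof domains.
HOMOGLYPHS = {
    "l": ["1", "i"],
    "i": ["1", "l"],
    "o": ["0"],
    "e": ["3"],
    "m": ["rn"],
    "a": ["4"],
}


def lookalike_domains(domain):
    """Return a set of typosquat and homoglyph variants of `domain`.

    Covers single-character homoglyph swaps, dropped characters, doubled
    characters and adjacent transpositions in the registrable label, plus
    the same label under a few alternative TLDs. The real domain itself
    is never included in the result.
    """
    label, _, tld = domain.rpartition(".")
    variants = set()

    for idx, ch in enumerate(label):
        # Homoglyph substitution, e.g. examplefirm -> exarnplefirm
        for sub in HOMOGLYPHS.get(ch, []):
            variants.add(label[:idx] + sub + label[idx + 1:])
        # Dropped character, e.g. examplefirm -> exmplefirm
        if len(label) > 1:
            variants.add(label[:idx] + label[idx + 1:])
        # Doubled character, e.g. examplefirm -> exaamplefirm
        variants.add(label[:idx] + ch + ch + label[idx + 1:])
        # Adjacent transposition, e.g. examplefirm -> exmaplefirm
        if idx + 1 < len(label):
            variants.add(label[:idx] + label[idx + 1] + ch + label[idx + 2:])

    # Same label under a different TLD, e.g. examplefirm.co
    alt_tlds = {"co", "com", "net", "org", "cm", "co.uk"} - {tld}
    candidates = {f"{v}.{tld}" for v in variants}
    candidates |= {f"{label}.{t}" for t in alt_tlds}
    candidates.discard(domain)
    return candidates


# Matches the address part of a From: header, with or without a display name.
FROM_RE = re.compile(r"<?([^<>\s@]+)@([^<>\s]+)>?\s*$")


def sender_domain(from_header):
    """Extract the address domain from a From: header value, or None."""
    match = FROM_RE.search(from_header.strip())
    if not match:
        return None
    return match.group(2).lower().rstrip(".")


def classify_sender(from_header, legit_domains=LEGIT_DOMAINS):
    """Return 'legitimate', 'lookalike', 'external' or 'unparseable'.

    Only the actual address domain counts; a display name that mentions the
    real domain does not make a message legitimate.
    """
    domain = sender_domain(from_header)
    if domain is None:
        return "unparseable"
    if domain in legit_domains:
        return "legitimate"
    for legit in legit_domains:
        # Real domain embedded in a longer hostname, e.g. examplefirm.com.secure-login.net
        if legit in domain or domain in lookalike_domains(legit):
            return "lookalike"
    return "external"


# Constructed sample headers for a simulated campaign.
SAMPLE_HEADERS = [
    "IT Helpdesk <helpdesk@examplefirm.com>",             # genuine
    "IT Helpdesk <helpdesk@exarnplefirm.com>",            # 'rn' for 'm'
    "examplefirm.com Payroll <payroll@examplefirm.co>",   # TLD swap, misleading display name
    "HR <hr@examplefirm.com.secure-login.net>",           # real domain as a subdomain
    "Courier <noreply@parcel-tracking.example.net>",      # unrelated external sender
]


def campaign_report(headers):
    """Classify each From: header; returns {header: verdict}."""
    return {h: classify_sender(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in campaign_report(SAMPLE_HEADERS).items():
        print(f"{verdict:11} {header}")
```

The generated lookalike set is also the list a firm would register defensively or watch for in newly registered domains; the classifier is deliberately conservative, so anything it cannot map to the firm's own domain is reported as "external" rather than "safe".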
 
With attacks becoming ever more prevalent, it is not enough to do one of the components without the others, which is precisely why a thorough and systematic approach is needed.

Hedgeweek:
