Anything goes – or does it? Effective cyber security management

The number of cybersecurity attacks is increasing every year, costing businesses around the world billions. To prevent these attacks, it’s important to remember the basics.

“Security is not just the responsibility of the in-house security team, it is everyone’s responsibility,” says an industry expert.

IT is a business issue – and the earlier business owners and senior management respond, the better chance organisations have of staying secure. According to a McKinsey study, senior management and top-level executives giving time to cybersecurity was identified as the biggest driver of maturity in managing risk. In many cases, cyber attacks have the potential to destroy a business, which is why cybersecurity is now a boardroom issue. It’s time for the senior managers in businesses to lead the charge. This means calling on both in-house IT leadership and external consultants, by partnering with expert IT managed services that can provide the latest capabilities and industry know-how.

Looking ahead, PwC’s Global State of Information Security Survey 2018 states that “87 percent of global CEOs say they are investing in cybersecurity to build trust with customers.”

With new IT developments, from mobile devices to cloud computing, amongst others, come new security risks. As we all become increasingly connected and our customers’ personal data is stored in the cloud or on other systems, the way this information is stored becomes more and more important. Not only does having secure and compliant systems mean it’s easy to ensure the data stays safe.

There are some key cyber threats in 2018: botnets, ransomware, and easy mark attack methods – the ‘low hanging fruit’. For all of these, it’s important to protect yourself by applying multi-layered security defences.

  1. Botnets
    A bot is a program that allows an attacker to take control of an infected computer. A botnet is a network of these computers that communicate with a server.

  2. Ransomware
    The most famous ransomware attack of 2017 was WannaCrypt, which hit the NHS and other systems around the world, bringing down critical services. It affected over 230,000 computers – one of the largest attacks ever.

    Ransomware, as the name suggests, infects and encrypts files (or entire disks) to prevent access until a ransom is paid – with no guarantee victims will regain access.

  3. Easy mark attack methods
    As we incorporate stronger security measures on our systems, hackers are finding it harder to get into these systems. As such, hackers are now focusing more on the ‘low hanging fruit’ such as social engineering or poorly secured cloud apps.

Humans are often the weakest link in cyber security.

All it takes is one person in your organisation clicking a malicious link or opening a phishing email and your data could be compromised. Phishing was the top threat vector for Office 365-based threats during the second half of 2017.

One managed services provider reported an increase of more than 50% in incident response call-outs connected to compromises of Office 365. They say that this is going wrong because Microsoft continues to give financial incentives for organisations to move their systems into its cloud (Office 365). This move appears to give easy-to-implement, flexible working for staff. “However,” said a spokesperson, “we should know by now that ‘cheap’ and ‘easy’ doesn’t equate to good cyber security”.

“The most common attacks are phishing emails that trick users into divulging their login and password. This exploits the number one vulnerability in cloud-based desktop implementations, exposing your login to the Internet.

Attackers then typically set up email forwarding, send malicious emails and delete sent items to cover their trail. Where senior managers are compromised, they often follow up with telephone-based attacks to elicit payments from the company”.

There are security measures you can put in place: as a minimum, make sure you implement 2-factor authentication and, where possible, add IP-address lockdown. “Remember, a sophisticated attacker can still complete a ‘man in the middle’ attack even with 2-factor authentication in place.”

Wider cyber security controls also play a role in preventing (and detecting) these attacks, including email filtering, web filtering, logging with 24/7 monitoring and alerting, and staff training to spot attacks and report where they have been tricked.
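As an illustration of the logging and alerting control, the following added example (not from the provider quoted above or from any vendor) flags mailbox changes that forward mail outside the organisation and escalates when the same account purges Sent Items shortly afterwards. The operation and parameter names follow Exchange naming, but the record layout is a simplified, hypothetical schema and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records in a simplified, hypothetical schema; real audit
# exports carry more fields and must be mapped onto these keys first.
SAMPLE_EVENTS = [
    {"time": "2018-03-01T09:02:11", "user": "cfo@example.com", "ip": "203.0.113.45",
     "operation": "New-InboxRule", "params": {"ForwardTo": "drop@example.net"}},
    {"time": "2018-03-01T09:10:40", "user": "cfo@example.com", "ip": "203.0.113.45",
     "operation": "HardDelete", "params": {"Folder": "Sent Items"}},
    {"time": "2018-03-01T10:15:00", "user": "amy@example.com", "ip": "198.51.100.7",
     "operation": "New-InboxRule", "params": {"ForwardTo": "amy.pa@example.com"}},
    {"time": "2018-03-01T11:00:00", "user": "bob@example.com", "ip": "198.51.100.9",
     "operation": "SoftDelete", "params": {"Folder": "Inbox"}},
]

FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
DELETE_OPS = {"SoftDelete", "HardDelete", "MoveToDeletedItems"}

def external_forward(event, internal_domains):
    """Return the external forwarding target set by this event, or None."""
    if event["operation"] not in RULE_OPS:
        return None
    for name, value in event["params"].items():
        if name in FORWARD_PARAMS and value.rsplit("@", 1)[-1].lower() not in internal_domains:
            return value
    return None

def find_alerts(events, internal_domains, window=timedelta(hours=24)):
    """Flag external forwarding; escalate if Sent Items are purged soon after."""
    alerts = []
    events = sorted(events, key=lambda e: e["time"])  # ISO timestamps sort as text
    for i, ev in enumerate(events):
        target = external_forward(ev, internal_domains)
        if target is None:
            continue
        start = datetime.fromisoformat(ev["time"])
        cleanup = any(
            later["user"] == ev["user"] and later["operation"] in DELETE_OPS
            and later["params"].get("Folder") == "Sent Items"
            and datetime.fromisoformat(later["time"]) - start <= window
            for later in events[i + 1:])
        alerts.append({"user": ev["user"], "ip": ev["ip"], "target": target,
                       "severity": "high" if cleanup else "medium"})
    return alerts
```

Forwarding to an address inside the organisation's own domains is not flagged, which keeps ordinary delegation rules out of the alert queue.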

“So, whilst cloud-based projects offer business benefits, they continue to be the main source of breaches, and therefore need careful consideration and appropriate security from the start.”

Cloud app adoption is rising to support business productivity, but a lack of security infrastructure could be compromising data.

It goes without saying that you shouldn’t leave your company security down to luck, or to what may appear to be ‘cheap’ and ‘easy’ solutions without the proper cybersecurity measures in place.

It’s equally important to keep up with the ever-evolving IT landscape, and partnering with ITSOL will ensure this for your organisation. We have thorough and rigorous Pen Testing systems, and work with you to modernise, innovate and secure your business IT, utilising our long-standing partnerships with global technology leaders and our knowledge and expertise.

There are some key questions businesses and individuals ask – What needs to be protected? How should it be protected? Who should be granted access?

With the known threat of malicious breaches, theft of proprietary data and compliance requirements, security is now a priority for virtually every organisation. What are you doing to ensure your organisation is cyber-secure?

It is our business to help you protect yours – we provide a plan to protect your data and reduce your risk.

Would you like an IT Audit? Here’s how to get in touch – we look forward to helping you.