How Companies Can Minimise Cyber Attack Damage

Uploaded on 2018-11-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The recent wave of ransomware attacks and preceding waves of cyber breaches could make it appear as though cyber criminals want their pay-off immediately. 

However, cyber criminals often exploit security breaches over the course of months and even years, in covert attacks that can do far more damage to an organisation. SME’s are especially vulnerable to attacks and the scope of damage, but so are large businesses. A lone hacker that took down British Airway’s website for one hour caused a £100,000 loss. 

Another issue is that businesses must now report breaches of their customers’ personally identifiable information security with the General Data Protection Regulation (GDPR).

This means that security breaches must be reported to the authorities within 72 hours of detection if personally identifiable data is at risk. Fines are imposed for a failure to do so, and identifying breaches is often incredibly challenging. 

Benjamin Hosack, Chief Commercial Officer of cyber security firm Foregenix, outlines steps organisations should take in order to minimise the chance to being hacked, improve the ability to identify hacks early and substantially reduce possible damage:

1. Install updates – Research based on 80,000 European websites found that 80% are vulnerable to cyber-attacks and the main reason is a simple failure to install the latest updates. So, patch or update all software.

2. Use threat detection services – Specialist cyber security firms provide high–end Managed Detection and Response Services to cyber threats. As most organisations struggle to detect the threats in the first place, this type of service is vital.

3. Use a honeypot – Honeypots are decoys that appear to be legitimate components of an organisation’s network, containing valuable data. As soon as a honeypot has attracted the attention of the cyber-criminal, a warning is triggered. Combining a honeypot with other security controls provides an additional layer of security.

4. Train your employees – The biggest cyber security weakness in an organisation is the people. Training team and non-technical staff is key. Workers must be informed about the latest cyber threats security. Awareness of threats and how the business might be attacked is important in order to be able to raise the alarm.

5. Monitor security alerts daily – Attack traffic usually has a very specific pattern and hacked business systems can be detected quickly if security alerts are being monitored across the business.

6. Learn from the past to predict future attacks – Cyber criminals certainly do like to strike in the same place twice, and often by the same methods. Pre-emptive action and monitoring based on past attacks can lead to quick identification of a security breach. 

iHLS:                Image: Nick Youngson

You Might Also Read:

The BA Hack And How Not To Respond To A Cyber Attack

« Don't Underestimate The Impact Of Phishing
Russian Internet Research Agency Has A New Propaganda Campaign »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Synelixis Solutions

Synelixis Solutions

Synelixis Solutions is a high-tech company founded to provide complete telecommunications, networking, security, control and automation solutions.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

JobStreet.com

JobStreet.com

JobStreet is one of Asia’s leading online employment marketplaces in Malaysia, Philippines, Singapore, Indonesia and Vietnam.

Crypsis

Crypsis

Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

P3M Works

P3M Works

P3M Works delivers Cyber Security and Digital Transformation projects across both private and public sector clients.

Hakai Security

Hakai Security

Hakai is a consulting firm specializing in information security that offers customized services and products to meet the needs and goals of each business.

Veracity Trust Network

Veracity Trust Network

Veracity Trust Network safeguards organisations from the threat of bot attacks on their public facing platforms.

Infodot Technologies

Infodot Technologies

Infodot Technologies specialize in a co-managed IT support and services approach, where businesses share their IT responsibilities with a skilled Managed IT Services Provider (MSP).

Pantherun Technologies

Pantherun Technologies

Pantherun is a pioneering force in the realm of encryption technology and data protection solutions.

Patero

Patero

Patero provides cybersecurity technology solutions that make your data indecipherable with quantum-safe encryption.