How Companies Can Minimise Cyber Attack Damage

The recent wave of ransomware attacks and preceding waves of cyber breaches could make it appear as though cyber criminals want their pay-off immediately. 

However, cyber criminals often exploit security breaches over the course of months and even years, in covert attacks that can do far more damage to an organisation. SME’s are especially vulnerable to attacks and the scope of damage, but so are large businesses. A lone hacker that took down British Airway’s website for one hour caused a £100,000 loss. 

Another issue is that businesses must now report breaches of their customers’ personally identifiable information security with the General Data Protection Regulation (GDPR).

This means that security breaches must be reported to the authorities within 72 hours of detection if personally identifiable data is at risk. Fines are imposed for a failure to do so, and identifying breaches is often incredibly challenging. 

Benjamin Hosack, Chief Commercial Officer of cyber security firm Foregenix, outlines steps organisations should take in order to minimise the chance to being hacked, improve the ability to identify hacks early and substantially reduce possible damage:

1. Install updates – Research based on 80,000 European websites found that 80% are vulnerable to cyber-attacks and the main reason is a simple failure to install the latest updates. So, patch or update all software.

2. Use threat detection services – Specialist cyber security firms provide high–end Managed Detection and Response Services to cyber threats. As most organisations struggle to detect the threats in the first place, this type of service is vital.

3. Use a honeypot – Honeypots are decoys that appear to be legitimate components of an organisation’s network, containing valuable data. As soon as a honeypot has attracted the attention of the cyber-criminal, a warning is triggered. Combining a honeypot with other security controls provides an additional layer of security.

4. Train your employees – The biggest cyber security weakness in an organisation is the people. Training team and non-technical staff is key. Workers must be informed about the latest cyber threats security. Awareness of threats and how the business might be attacked is important in order to be able to raise the alarm.

5. Monitor security alerts daily – Attack traffic usually has a very specific pattern and hacked business systems can be detected quickly if security alerts are being monitored across the business.

6. Learn from the past to predict future attacks – Cyber criminals certainly do like to strike in the same place twice, and often by the same methods. Pre-emptive action and monitoring based on past attacks can lead to quick identification of a security breach. 

iHLS:                Image: Nick Youngson

You Might Also Read:

The BA Hack And How Not To Respond To A Cyber Attack

« Don't Underestimate The Impact Of Phishing
Russian Internet Research Agency Has A New Propaganda Campaign »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Tripwire

Tripwire

Tripwire are a leading provider of risk-based security, compliance and vulnerability management solutions.

Privacy Professor

Privacy Professor

Privacy Professor provides information privacy, security and compliance services, tools and products to organizations in a wide range of industries.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

Early Warning Services

Early Warning Services

Early Warning is committed to providing awareness, education, and enablement around fraud prevention.

Center for Long-Term Cybersecurity (CLTC)

Center for Long-Term Cybersecurity (CLTC)

The Center for Long-Term Cybersecurity is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Propelo

Propelo

Propelo (formerly LevelOps) is an engineering excellence platform that helps increase developer productivity and improve security with data-led insights and workflow automation.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

Nisos

Nisos

Nisos provides unrivaled protection of your reputation and assets through the practice of Active Defense.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.

Invisinet Technologies

Invisinet Technologies

Invisinet is a cybersecurity technology company specializing in innovative solutions that protect network infrastructure and critical assets from advanced threats.

DefectDojo

DefectDojo

DefectDojo is a DevSecOps and vulnerability management tool.