Reducing Exposure To Cyber Attack

Uploaded on 2020-08-03 in NEWS-News Analysis, FREE TO VIEW

The Internet is a hostile environment where threat of attack is ever present as new vulnerabilities are released and commodity tools are produced to exploit them.  Doing nothing is no longer an option.  Protect your organisation and your reputation by establishing some basic cyber defences to ensure that your name is not added to the growing list of victims. 
 
Cyber-crime has become more organised and sophisticated than ever before, making it critical for every organisation to communicate risks like phishing effectively across the business. There are effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber attack on systems that are exposed to the Internet. 
 
The Following Controls Are Important:

Cyber security is finally getting the attention it deserves in the boardroom. As the number of high-profile data breaches continues to rise, there’s been a greater emphasis on managing cyber risk to reduce the chance of an attack. Furthermore, while cyber security is everyone’s responsibility, resilient organisations require positive  leadership.

If the CEO visibly takes  cyber security seriouslyt hen this will permeate throughout the organisation and help create a culture of enhanced cyber security awareness.

  • Boundary firewalls and Internet gateways - establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
  • Malware protection - establish and maintain malware defences to detect and respond to known attack code
  • Patch management - patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
  • Whitelisting and execution control - prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
  • Secure configuration - restrict the functionality of every device, operating system and application to the minimum needed for business to function
  • Password policy - ensure that an appropriate password policy is in place and followed
  • User access control - include limiting normal users’ execution permissions and enforcing the principle of least privilege
If your organisation is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls set out in the 10 Steps to Cyber Security recommended by the British National Cyber Security Centre:
  • Security monitoring - to identify any unexpected or suspicious activity
  • User training education and awareness - staff should understand their role in keeping your organisation secure and report any unusual activity. We strongly recommend GoCyber as powerful training tool to transform user behaviour. 
  • Security incident management - put plans in place to deal with an attack as an effective response will reduce the impact on your business

Home, mobile working and remote system access offers great benefits, but produces new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. 

Strengthening your organisations cyber security is about reducing the attack surface and then reducing insider errors, making it much harder for criminals to break in. Train your users on the secure use of their mobile and other devices in any the environments they are likely to be working in.
 
 NCSC:         NCSC:      Meta Compliance

If you would like more specific information about how you can improve your cyber home and business security, please contact Cyber Security Intelligence for recommendations on the right solutions for your business. 
 
You Might Also Read: 
 
Easing Out Of Lockdown: Why Should Cyber Security Remain High On The Agenda?:
 
« European Union Sanctions Cyber Attackers
Secret Brexit Documents Hacked By Russians »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Tiro Security

Tiro Security

Tiro Security is a boutique company specializing in information security and IT audit recruitment and solutions.

AFCERT

AFCERT

AFCERT is the national Computer Emergency Response Team for Afghanistan.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Cybraics

Cybraics

Cybraics nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities.

ESTsecurity

ESTsecurity

ESTsecurity provides intelligent security threat management solutions to make a safer world.

Maritime Cyber Alliance

Maritime Cyber Alliance

Maritime Cyber Alliance was established in 2017 by Airbus , CSOAlliance , MCSA & Wididi to provide a medium for both public Cyber Safety advice and for businesses to discuss Cyber concerns.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

Bechtle

Bechtle

Bechtle is one of Europe’s leading IT service providers offering a blend of direct IT product sales and extensive systems integration services.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

Defimoon

Defimoon

DeFimoon is the International Blockchain Development & Security Agency. We provide professional services and solutions at the highest quality on world-leading chains.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

White Knight Labs

White Knight Labs

White Knight Labs is a cyber security consultancy that specializes in cybersecurity training.