Reducing Exposure To Cyber Attack

Uploaded on 2020-08-03 in NEWS-Cybersecurity News, FREE TO VIEW

The Internet is a hostile environment where threat of attack is ever present as new vulnerabilities are released and commodity tools are produced to exploit them.  Doing nothing is no longer an option.  Protect your organisation and your reputation by establishing some basic cyber defences to ensure that your name is not added to the growing list of victims. 
 
Cyber-crime has become more organised and sophisticated than ever before, making it critical for every organisation to communicate risks like phishing effectively across the business. There are effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber attack on systems that are exposed to the Internet. 
 
The Following Controls Are Important:

Cyber security is finally getting the attention it deserves in the boardroom. As the number of high-profile data breaches continues to rise, there’s been a greater emphasis on managing cyber risk to reduce the chance of an attack. Furthermore, while cyber security is everyone’s responsibility, resilient organisations require positive  leadership.

If the CEO visibly takes  cyber security seriouslyt hen this will permeate throughout the organisation and help create a culture of enhanced cyber security awareness.

  • Boundary firewalls and Internet gateways - establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
  • Malware protection - establish and maintain malware defences to detect and respond to known attack code
  • Patch management - patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
  • Whitelisting and execution control - prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
  • Secure configuration - restrict the functionality of every device, operating system and application to the minimum needed for business to function
  • Password policy - ensure that an appropriate password policy is in place and followed
  • User access control - include limiting normal users’ execution permissions and enforcing the principle of least privilege
If your organisation is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls set out in the 10 Steps to Cyber Security recommended by the British National Cyber Security Centre:
  • Security monitoring - to identify any unexpected or suspicious activity
  • User training education and awareness - staff should understand their role in keeping your organisation secure and report any unusual activity. We strongly recommend GoCyber as powerful training tool to transform user behaviour. 
  • Security incident management - put plans in place to deal with an attack as an effective response will reduce the impact on your business

Home, mobile working and remote system access offers great benefits, but produces new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. 

Strengthening your organisations cyber security is about reducing the attack surface and then reducing insider errors, making it much harder for criminals to break in. Train your users on the secure use of their mobile and other devices in any the environments they are likely to be working in.
 
 NCSC:         NCSC:      Meta Compliance

If you would like more specific information about how you can improve your cyber home and business security, please contact Cyber Security Intelligence for recommendations on the right solutions for your business. 
 
You Might Also Read: 
 
Easing Out Of Lockdown: Why Should Cyber Security Remain High On The Agenda?:
 
« European Union Sanctions Cyber Attackers
Secret Brexit Documents Hacked By Russians »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Australian Cyber Security Growth Network (AustCyber)

Australian Cyber Security Growth Network (AustCyber)

AustCyber brings together businesses and researchers to develop the next generation of cyber security products and services.

PlainID

PlainID

PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

Vuntie

Vuntie

Vuntie blend European craftsmanship, performance and open-source technology to deliver cybersecurity services including penetration testing, incident response, training and consultancy.

Method Cyber Security

Method Cyber Security

Method offers a Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

Invicti Security

Invicti Security

Invicti Security is an AppSec leader transforming the way web applications are secured.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

Myntex

Myntex

Myntex® builds the future of mobile security. We empower our partners to deliver exclusive mobile endpoint security software, fortifying against mobile threats, device exploits and data exfiltration.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

Neya Systems

Neya Systems

Neya Systems, a leader in advanced off-road autonomy and high-level multi-robot mission planning, provides innovative solutions for uncrewed ground, aerial, and surface vehicles.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.