What Is A Good Cyber Strategy?

Cybersecurity has never been as important as it is today. Cyber-attacks are becoming ever more ambitious and overt.

The two big recent malware attacks, Petya and WannaCry, both used phishing attacks to spread malware through networks, with Petya in particular engaging sophisticated, multi-pronged methods which not only render the user's computer inoperable but also provide the hackers with full access to the usernames and passwords stolen from the computer.

The Cyber Security Breaches Survey 2017, published by the Department for Culture, Media and Sport and undertaken by Ipsos Mori, stated some frightening figures about the preparedness of businesses to deal with these sustained and frequent attacks.

Whilst 74% of the 1500+ businesses surveyed said that cyber security is a very high priority for their senior management, and 67% have spent money on cyber security in some shape or form in the past year, only 33% have a formal policy that covers cyber-security risks. In addition, only 11% have a cyber security incident management plan in place.

Firms need to take a systematic approach to cybersecurity, covering three main elements: policy and procedures, technology, and education and training.

Firstly, firms need documented policies and procedures in place to safeguard business data, systems and networks and to meet regulatory compliance mandates.

The cyber incident response plan identifies the key systems, processes and personnel involved, and documents how the firm will prepare for an incident, detect one, most importantly contain it, recover from it, and undertake post-incident analysis.

The business continuity plan outlines the critical business processes and IT systems, and the recovery procedures and timescales.

Finally, the cyber-security framework details the user training the firm will undertake, the physical security measures it will put in place, how internal audits will happen, how risks will be identified and classified, and how the supply chain will be de-risked.

The next step, getting the technology right (the hardware, software and systems that protect every layer of data), is also more complex than it seems.

A robust cyber-security strategy should be multi-layered, and include email, mobile devices and other endpoints, web traffic and the network. Firms should also take data governance into account: data should be encrypted, the physical environment should be secure, access should be managed closely, and firms should run regular penetration testing and vulnerability scanning across the technology estate.

The final component of the framework is to educate employees about cybersecurity, and provide effective training to help them identify malicious behaviour and act accordingly to avoid or mitigate the risks.

One way of doing this is to test users regularly and without warning, using simulated email, voice and SMS phishing attacks, personalised landing pages, attachments and spoof domains, in order to highlight risks and employee weaknesses.

When employees fall victim to these attacks they can be given immediate feedback and a refresher on spotting the red flags.
 
With the threat of attack becoming increasingly prevalent, it's not enough to do one of the components without the others. That is precisely why a thorough and systematic approach is needed.

Hedgeweek:
