Cyber security is generally agreed upon as the protection of electronic information and the ICTs that support cyberspace. It also covers protection in a number of spaces, including personal, professional, and even national. Sometimes all three of these can interconnect into a cyber nightmare because one element was vulnerable to attack, which in turn had a domino effect on the others.
Cyber attackers make it their job to breach the security of a company or personal computer in order to profit in some way from the information that is housed there. They are always learning new ways to conduct that security breach. They are targeting small businesses more than ever before, including at-home offices. Many companies rationalize that if they are small enough and keep a low enough profile in the industry, cyber-attackers will pass them by and look for bigger targets. This is not so, according to experts in the field of cyber security. So a framework for securing a network needs flexibility, both in how it is created and in how it evolves alongside the people in the cyber-attack world who want to do the business harm, instead of just trying to keep up with regulations.
Industry regulatory implementations will not keep you safe, especially if they are only specific to your working environment. Most regulatory standards for cyber-security do not specifically reflect your business's day-to-day work practices, your client base, and the technology that is specific to your company. This can lead to your company experiencing a catastrophic breach because cyber attackers specifically targeted your company’s weaknesses in some externally facing application that was an obvious vulnerability to them.
According to Ponemon’s 2016 “Cost of Data Breach Study,” the average consolidated total cost of a data breach grew from $3.8 million in 2015 to $4 million in 2016. Most defenses can stop known attacks but are defenseless against the unknown, advanced attacks. Despite these risks, organisations are attacked because of a lack of awareness around the importance of cyber-security.
Any organisation needs to make it a priority to strengthen its cyber-security systems by implementing an impenetrable security framework and security penetration testing. This includes a range of tests to measure the vulnerability of a chosen system. The best security posture in 2017 will be defined by how well a business can secure and track its data where it lives, with a data management strategy based on a tenacious and connected design.
Additionally, an organization of any kind needs to take an inventory and analyse what actually needs to be protected. This can run the gamut from each individual within the company all the way to national security, and is usually the information technology infrastructure. What should be concluded in any assessment is that no matter what assets are included, they ALL need to be protected on the basis of the ICT that forms the foundation of the internet or cyberspace.
“With much to gain and little to lose, cyber-attackers have strong incentives to attack.” SMBs are also easier targets, since, according to the U.N. data, 65 percent of them have no data security policy, FireEye notes.
For example, a review of 19 different national cybersecurity strategy documents has shown that the protection of the trust that citizens have in using cyberspace for commercial purposes is seen as vital by all the nations whose policies were covered by this review (Klimburg, 2012).
Just as information security expanded on the concepts of ICT security in order to protect the information itself, irrespective of its current form and/or location, cyber security needs to be seen as an expansion of information security.
Firstly, from the first and second scenarios it should be clear that, in cyber security, assets include the personal or physical aspects, both tangible and intangible, of a human being.
Cyber security is also about the protection of individuals utilizing resources in a cyber environment and about the protection of any other assets, including those belonging to society in general, that have been exposed to risk as a result of vulnerabilities stemming from the use of ICT.
Organisations need to utilize the skills of a cyber-security expert to help them design a framework that will be an asset in increasing their level of cyber security instead of flat-lining it. The expert's job in executing the security process is to select, suggest, and then implement security controls or countermeasures. The cyber-security experts you choose must understand who you are as a company and create a framework that suits how your employees work, instead of just developing “workarounds” that are cookie-cutter security measures for any company. They must also be acutely aware that any system they design has to adhere to ethical standards, practices, and laws.
Leaders in the security industry such as Dave Larson of Corero Network Security, Colin Tankard of Digital Pathways, and Hitesh Sheth of Vectra have spoken about the current top threats in cyber-security that organisations need to be aware of and deter with measures in their security framework. One is the threat of nation-state sponsored attacks, which they say are rising as of 2017, with saturating news coverage of the cyber-hacking efforts of countries like China and Russia.
These efforts by countries to breach organisational security not only lead to confidential and sensitive material being extracted and exposed, but also allow entities within those countries to extract money for political gains and other motives of espionage. Businesses can no longer operate on a belief that the world is full of moral scrupulousness and old-fashioned business values. They must arm themselves for a potential cyber-battle with criminals looking for unsecured networks and devices in order to destroy a company’s foundation and shake it to its core. Only about 6 percent of those surveyed believe their organizations are “extremely well prepared” to respond to a security breach involving a major loss of information.
If your IT team focuses on these first among its security tasks, that will reduce the odds of your business becoming an easy mark. They’re items that you will want to periodically review — with your tech staff and users — throughout the year.
• Of real concern are threats that derive from mobile computing, email, and employees bringing their own devices and apps into the workplace environment.
• Phishing attacks are consistently the top threat. There isn’t any complete solution for deterring phishing attacks because cyber-hackers are always finding new ways to phish through email, text messages, social networks, websites that are infected with malware, and open wireless networks.
The aim of the cyber-attacker is to collect data that can be used to gain further access into a system, penetrate it, and then insert malware.
Cyber-attackers do this by looking for passwords. A preventative measure that can be discussed with employees is to not reuse the same passwords on other sites. Hackers will grab them through malware, especially if your password is weak and reused over and over again.
So, organisations must discuss the importance of the following proactive measures against phishing attempts:
1. How to identify unusual communications
2. Avoiding clicking on unknown links
3. Looking for the “https:” to confirm encrypted websites
4. Never bypassing digital certificate warnings or pop-ups.
IT teams that are not skilled enough to handle upgrading to the latest Microsoft Windows operating system or Office open organisations to cyber attacks.
So, choosing IT teams and cloud partners with established security credentials is step one, but almost as important is ensuring a proper integration between the business’ systems and those of the cloud provider.
But it’s necessary that a business start with the latest OS, browser and productivity suite to gain that edge against a constant stream of new attacks.
• MAC USERS:
Mac OS X users have long had an advantage over their Windows counterparts because less malware targets OS X. But, infecting the platform isn’t as important an attack tactic as it once was — and hackers know it.
Some things that Mac users fall victim to are:
• A bit of JavaScript in a browser to steal cookies and credentials;
• A phishing site customized for your company;
• A sniffer on an open wireless network
Mac users need to install anti-malware tools like their Microsoft counterparts. They need both system protection and user education to stay off the victim list.
With the rise in ransomware, there is an unlikely level of trust in the relationship between the victim of the cyber-attack and the attacker. Cyber-attack groups are going to target organisations even more in 2017 for financial attacks.
Ransomware attacks have occurred in the last few years in at least 74 countries, including the US, UK, China, Russia, Italy, and Spain.
There are also cyber-threats that literally originate in the sky, known as “dronejacking.” Drones are being used by organisations such as federal and local law enforcement and the media. They have also been increasingly used in the last several years by private citizens, including children. This poses a multitude of security problems because of the sheer number and type of individuals who have access to this type of technology.
Many drones have little or no security, which makes it easy for anyone to hack the controls. Companies like Amazon and UPS, which have started using drones in ever-growing numbers to deliver packages, need to be extra diligent in not inviting cyber criminals into their networks. Hackers can easily “dronejack” a delivery by finding a space with regular drone traffic, like a delivery system, and waiting for the drone targets to emerge.
In the case of law enforcement drones, hackers may be able to disable surveillance cameras if the agency does not have a secure system in place against cyber-attack.
There is an expectation in 2017 of seeing drone toolkits for consumers and organisations alike that will help with creating a security framework for drones to address this issue.
• Destructive Distributed Denial of Service (DDoS) IOT attacks will rise
By directing a vast amount of cyber traffic at one server, cyber-attackers create an overload and a level of chaos for a business that sometimes cannot be overcome. The hackers did this by exploiting unsecured devices on the internet with malicious code, through default passwords on the devices themselves.
This can be avoided by:
• Limiting the number of internet-connected digital devices
• Creating strong and varying default passwords
• Updating IoT devices with security patches
• Disabling Universal Plug and Play (UPnP) on routers
Once a security framework is in place, it can be regulated and standardized to reduce risk even more. It also cannot be considered a project that happens only one time. Beyond initial certification and compliance procedures, the security framework needs to be consistently maintained with a dedicated Infosec staff to do the job.