Cyber security: ‘resilience’ is the key to thwarting cyber-attacks

Can any business ever defend against every potential cyber-attack or protect its networks from hackers? The short answer to that is no. Determined hackers are enterprising and surprisingly skilled at finding even the smallest chink in your business’s security. So does that mean you shouldn’t bother with security at all? Well, no: on the contrary. What your business should be doing is directing all its efforts at becoming resilient. The chances are that you will never be able to keep the lid on hacking, but what an organisation can do is ensure that it has robust, cyber-resilient systems in place which identify risk and are capable of responding to security breaches.

6 steps to making your organisation more cyber-resilient

Understand your vulnerabilities and regularly test your security systems

Do you know where your real threat comes from? Well, the Global State of Information Security® Survey 2014 found that the most likely source of cyber-attack was hacking (32 per cent), followed by competitors (14 per cent) and organised crime (12 per cent). Does size matter? Not when it comes to vulnerability. Small organisations and businesses are just as vulnerable to automated and indiscriminate cyber-attacks, which target identifiable hardware and software vulnerabilities like unpatched software, inadequate passwords, poorly coded websites, insecure applications and poorly protected data.

Therefore, understanding your organisation’s vulnerabilities is vital. Businesses should test all of their security systems regularly and ensure that the Open Web Application Security Project (OWASP) and storage area network top ten vulnerabilities and security weaknesses are patched. If your business stores data in the Cloud, these tests should also cover the software provided by your Cloud service provider.

Ensure mobile devices are secure

Encrypt and secure access to all portable and mobile devices like laptops, mobile phones, BlackBerrys and USB sticks. Increased mobility can be good for business, but it’s vital to ensure that the expanding network perimeter remains secure and that any data taken beyond that perimeter remains private.

Ensure all inward- and outward-bound communication channels remain secure 

E-mail, instant messaging, Live Chat, and other communication channels can be vulnerable, so it’s crucial to make sure that the channels are as secure as possible. It might seem like a fine line to draw, but a balance needs to be struck between making information available and protecting confidentiality.

Secure the internal network 

Identify risks and implement controls against intrusions from internal threats like rogue wireless access points, unauthorised USB sticks and unencrypted mobile data storage devices like mobile phones, laptops and iPods.

Train your staff

Employees are the weakest link in any security chain, and hackers understand and can exploit this. Therefore it’s vital to train workers to identify and respond to ‘social engineering’ attacks like ‘tailgating’ (piggybacking on someone with legitimate access), ‘phishing’ (defrauding an online account holder of financial information by posing as a legitimate company), ‘spear phishing’ (phishing attempts directed at specific individuals) and ‘pharming’ (directing internet users to a bogus website in order to obtain personal information). Businesses should also ensure that they have a robust social media strategy in place which minimises information loss through social media platforms like Facebook, LinkedIn and Twitter.

Any organisation’s ability to respond to and recover from data breaches will also depend on the capability of its technical staff. Therefore it’s important to ensure that they are adequately trained to manage cyber risk and apply cyber security controls; if IT is outsourced, then it’s important to check the supplier’s cyber security credentials.

Adopt appropriate information and cyber-security standards 

Adopting key best practice standards for information security management, such as ISO 27001 and ISO 27032, will not only assure your organisation’s security and response capability; it will also assure business partners and customers that their information is safe in your hands.

If you need help with security reviews, penetration testing or web security solutions, please contact Krypsys on 01273 044072 or [email protected].