Cyber security: how to protect your business
As the latest cyber attack on big organisations hits the news, we cover what businesses need to do to protect themselves and explain why it starts with the basics
As the latest cyber attack on big organisations hits the news, we cover what businesses need to do to protect themselves and explain why it starts with the basics
As the latest cyber attack on big organisations hits the news, we cover what businesses need to do to protect themselves.
Ransomware and Advanced Persistent Threat (APT) are terms the public have become familiar with in recent times. APT is recognised as a an unauthorised person gaining access to a network for a long period of time, with the intention of stealing data or causing damage to the organisation.
Some of the high profile APT’s are alleged to have disrupted an Iranian nuclear programme and impacted the hard drives of a major Saudi energy company. What is more worrying is that this unauthorised access has, on some networks, gone undetected for years.
Technology has often been the suggested answer to protecting the organisation against these types of attack and to a certain degree, it works.
But the question emerging is, what happens if technology alone isn’t the answer?
Steps to take
The recent attacks highlight the need for organisations to get their cybersecurity basics right. There are a few simple steps that can mean the difference between being a victim on a catastrophic level or being able to contain the risk.
It is often said that 100% security isn’t achievable. Even those companies with the largest security budgets can be compromised, evidenced by the origins of the Wannacry code, with the USA’s National Security Agency taking responsibility for creating the original code.
But organisations that implement the basics and follow a Prevent, Detect, and Respond model will in the long run be able to help better protect the organisation from future attack:
Prevent and Detect
Respond
Summary
Companies have invested significant sums of money over the years in trying to protect themselves against ‘Advanced Persistent Threat’. However, the latest attacks should act as a reminder that technology alone isn’t the answer.
The first step to building a robust security framework should always start with the basics.
Owen Purcell is lead partner, EMEIA Advisory Centre at Cyber GRC
Leave a Reply
You must be logged in to post a comment.