[BreachExchange] Cybersecurity | A forward-thinking approach
Audrey McNeil
audrey at riskbasedsecurity.com
Wed Jul 18 19:10:33 EDT 2018
https://www.comparethecloud.net/articles/cybersecurity-forward-thinking/
Cybersecurity is perhaps the most important issue in today’s business
world. But you don’t need to be told that: all you have to do is look at
the latest news headlines to be reminded of the severity of the cyber
threat landscape. Who could forget the infamous WannaCry attack from last
year, which impacted businesses the world over? Or how about the much more
recent Dixons Carphone breach, which involved the seizure of 5.9 million
payment cards and 1.2 million personal data records?
Incidents like this are recurring more frequently than ever before. This
has led to cybersecurity to go from something that was once left to the IT
department, to an issue that the entire organisation is responsible for.
All efforts also need to be championed from the very top, specifically the
C-level and the board.
The rise in cyber attacks cannot be denied, but the question remains: why
are we witnessing such an increase? While historically these attacks were
targeted primarily at companies within the insurance and financial services
industries, today no organisation is exempt from the threat.
This is mainly because setting up, carrying out and/or commissioning an
attack has never been easier or more accessible. It’s key to remember that
the majority of cyber attackers are purely opportunistic: they scan the
internet, searching for vulnerabilities in order to breach corporate
networks. Therefore, the more secure you are, the harder it is to suffer
from a breach and the more likely attackers will move on to easier targets.
Know what you’re up against
Despite best efforts, no cyber defence is 100% bulletproof. Every
organisation is fallible, which means it becomes more about mitigating the
risk of an attack and ensuring your organisation is well placed to continue
operating during and after an attack. This all comes down to having the
right, layered cybersecurity measures in place, shaped by your
understanding of the threat landscape and complemented by the skills and
expertise of a security partner.
The best way to tackle the risks associated with cybercrime is through a
risk-based approach. By knowing your business inside-out, understanding
your attack surface, the defences in place and the vulnerabilities in your
systems, it’s much easier to prioritise the risks around key three areas:
Technology, people and processes.
Clearing the hurdles
Cybersecurity is no easy task. Devising and putting a strategy in place
takes time, and there are various challenges to overcome on the way.
The two most common are a lack of cybersecurity expertise within your
business and the sheer complexity of understanding the solutions and
vendors in the market. Wading through multiple options, dealing with
multiple vendors and ensuring you’re delivering a holistic defence
programme is difficult. It’s often necessary to work with multiple tools as
there is no single solution that can address all areas of your business,
but managing, integrating and coordinating those tools only adds to the
overall complexity.
Anticipating the future
The cyber threat will never stop evolving in some way or another. Over
time, cybercriminals will get increasingly bolder and their tactics ever
more sophisticated. The devices being targeted will also change, and moving
forward we will see the majority of threats be focused around mobile phones
(attacks on smartphones will give hackers access to personal and work
information), as well as AI, machine learning and IoT. AI and machine
learning, in particular, is set to shift the landscape in unpredictable
ways, which will consequently change how businesses and cybersecurity
experts view the industry.
Working with a cybersecurity partner
Despite the likelihood of your business being targeted at some point, it is
possible for this risk to be effectively mitigated, and part of this lies
in working alongside cyber security experts. A trusted partner can provide
the industry knowledge, in-house skills and investment required to ensure
all actions undertaken are successful, while also boosting the skills and
knowledge of those within the company at the same time.
Conclusion
If businesses want to be able to deal with the inevitable risk that cyber
attackers pose, it’s imperative they have comprehensive cybersecurity
measures in place. This also needs to be a board-level issue; something
that is deemed critical to the likelihood of wider business success.
However, all organisations need to be prepared for obstacles along the way.
Not only must efforts be made to understand the cyber threat landscape, but
it’s also important to source the right combination of tools to meet your
organisation’s specific needs. To achieve this quickly and effectively, it
can help to work with an experienced and skill cybersecurity provider, who
can help you navigate this tricky route and ensure you’re doing all you can
to stay protected.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180718/77a7c920/attachment.html>
More information about the BreachExchange
mailing list