[BreachExchange] Protecting Your Business In 2018’s IT Landscape

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 4 18:57:31 EST 2018


Back in 1995, when Bill Gates set up Windows 95, there were very few IT
applications and, according to Internetlivestats.com, only 0.8 per cent of
the world’s population had internet access at home. Therefore, the risk of
cyber-attacks was relatively low.

Since then, the IT landscape has changed dramatically. It was estimated
that in 2016, 46.1 per cent of the world’s population had internet access
at home — a huge increase since 1995. A single device is now capable of
processing an extraordinary number of applications and cloud technology
means data can be easily shared between devices. These technological
advancements have considerably increased the risk of cyber-attacks.

There are things that every business must do to protect its employees,
customers and stakeholders from the potentially damaging effects of attacks
such as the ransomware attack on the NHS.

Everybody Is A Security Officer

The task of ensuring cyber security in a business can no longer fall to one
or two security officers. Everybody must have an awareness of the potential
threats, how to protect against them and how to respond in the case of a
security breach. The cyber-security of a business increases considerably if
everybody takes simple but effective protective measures. These measures
must include installing antivirus software, keeping all software updated,
identifying suspicious popups and regularly changing passwords. Common
sense is the first line of defence.

Comply With GDPR

In May 2018, the new General Data Protection Regulation (GDPR) will
enforce new mandatory requirements for businesses. In essence, you will
need to know exactly where all data is stored, how it is held and how it
can be accessed. By complying with these regulations, you will be helping
to keep your business’s data and IT systems safe from cyber-crime.

Have A Strategy In Place

The key to dealing with cyber-crime is to protect, detect and respond. Once
an attacker has access to data, it’s extremely difficult to retrieve it.
Therefore, prevention is better than cure. Regardless of how well you
protect your business, cyber-attacks may still occur, so everybody must
know the signs. According to a 2017 cyber security breaches survey from the
Government’s department for digital, culture, media and sport, 46 per cent
of organisations had experienced a cyber-attack in the past twelve months.
However, many others may have been attacked without realising it.

To make sure you detect any cyber-attacks that you may fall victim to, look
out for unusual password activity notifications, slow network speed and
suspicious e-mails or popups — all of which could indicate a breach.

Businesses must also be prepared to respond to a cyber-attack. As of May
2018, the GDPR will state that a cyber breach must be reported within 72
hours. Failure to comply could result in a fine of up to €20 million or four
per cent of your business’s global turnover. In addition to reporting the
attack, the breach should be contained by shutting down all IT equipment
and assessing all systems that could have been compromised.

The May 2017 attack was the largest cyber-attack the NHS has ever fallen
victim to. NHS England stated that no patient data was compromised and the
staff response was commendable. However, this attack may potentially have
been avoided if the NHS had been more diligent in its cyber protection