With cyber threats, from malware and cyber attacks to phishing and social engineering, continually in the headlines, it can be difficult to assess the actual risks to your organisation so you can take appropriate action to mitigate them. In my view, you can’t manage anything that you don’t understand – so what is actually out there, and how vulnerable is your organisation to the different threats?
This week the Government launched a review to find out what’s needed to make UK business leaders take cyber security seriously. In our view, a good place to start is the government’s Cyber Essentials scheme, which is based on advice from the UK’s National Cyber Security Centre (NCSC), part of GCHQ.
In a digital world, network security moves from the organisation’s perimeter to the user. The most effective way to do this is to create a zero trust network, implementing least privilege and default deny policies for each user and each system.
Security is the one topic that everyone loves to hate. Sure, it’s exciting to read about the vulnerabilities, but sometimes implementing the fixes can be a real headache.
With new cyber threats constantly emerging, we’re often asked for advice on how to stay one step ahead of the hackers and cyber criminals. A good first step is to review your organisation’s cyber security against five key controls set out in the National Cyber Security Centre’s Cyber Essentials scheme (see our recent blog), and it’s also vital to ensure that everyone in your organisation is prepared in case the worst happens.
If you were looking for help to improve your business’s cyber security, a good place to start would be the UK’s National Cyber Security Centre, part of GCHQ, whose role is to keep the country secure against cyber attacks. So when they provide free advice, you’d expect most businesses to be rushing to implement it. However, you’d be wrong. The NCSC has developed a security tool to help organisations protect themselves against the most common cyber threats, but although it’s been available for almost five years, less than ten per cent of UK businesses have implemented it.
You want to innovate. To transform your organisation with new services and help achieve the top-line. Security and compliance can seem like endless red tape and bureaucracy that simply get in the way.
With GDPR on the horizon, now is a good time to review your data security policy. The first step is to take a holistic look at your entire infrastructure, from how data is created or acquired to how it is valued, stored, accessed and disposed of. This includes data coming in from customers, partners and suppliers; data created within the organisation, such as presentations and reports; and data that goes out, such as invoices and proposals.
With last week’s Petya/NotPetya malware coming so soon after the WannaCry infection which affected more than 230,000 computers in over 150 countries, every organisation needs to assess its ability to cope with ransomware. That means considering a range of factors, from your patching regime to your back-up and disaster recovery provision. It only takes one user to accidentally click on an infected attachment and you could find yourself testing your DR plan!
You can imagine it now. If the world of IT security were to be played out as a pantomime today, the seeming villain of the piece would definitely be GDPR. Picture it, the face of the CISO when the crowd scream “It’s behind you!” as GDPR suddenly appears. Our hero knows that GDPR is lurking behind him but he is not quite sure a) how much of a threat it will be to him and b) exactly what he has to do to combat it.