28 August 2015

Preparing your company for a cyber-incident


Data and information security is a high priority for many companies around the globe in this era of digital revolution. The risks, threats and vulnerabilities are also evolving as companies adopt emerging digital technologies.

The growing popularity of cloud, mobile technology and apps presents new challenges for IT and risk staff in an organisation. These could range from ensuring secure access to the corporate network to protecting data.

For many companies, employee training and education are paramount to staying cyber secure. Floyd Woodrow, CEO of Chrysalis-Worldwide, said: “I think we all agree it is about education as a front line defence. Once our workforce are aware of the threat and how they can protect company assets/their jobs it is amazing how effective they are at spotting attacks and then not being afraid to tell someone they think something is wrong with their system.”

Working effectively with your chosen vendor to address these emerging risks and threats is also vital. Tyler Shields, principal analyst from Forrester Research, highlights the importance of having security measures in place for vendors in a recent article, where he said: “Defence in depth, data encryption and requiring all vendors and service providers to be bound to strong security standards in writing are musts.”

Heimdal Security, a solution provider, highlighted 10 cyber security risks that companies need to prepare for:

1. Failure to cover cyber security basics: Companies often lack fundamental cyber security measures

2. Not understanding what generates corporate cyber security risks

3. Lack of a cyber-security policy: Specific standards are vital because security risks are not always obvious

4. Confusing compliance with cyber security: Compliance with company rules is not equivalent to protecting the company against cyber attacks

5. The human factor: The human factor plays an important role in how strong (or weak) a company’s information security defences are

6. Bring your own device policy (BYOD) and the cloud

7. Funding, talent and resources constraints: Tight budgets and scarce resources can also invite cyber attacks

8. No information security training: Increasing awareness and employee training about these risks is vital

9. Lack of a recovery plan: An effective recovery plan can minimise damage and also allow companies to resume operations quickly

10. Constantly evolving risks: Need to be aware of polymorphic malware, trojans, spyware, etc.

Adopting digital technology increases a company's innovation, collaboration, productivity and competitiveness; however, it is vital to be cautious of the threats and risks that it poses.

Floyd Woodrow also mentioned in an article that “Cyber crime is here to stay and will become more complicated, the key element is how we defend against current and future threats. We must be more proactive in our approach to developing counter measures of the future.”

I couldn’t agree with his view more, particularly in today’s highly connected society where companies of all sizes must prepare for the unknown and have the ability to withstand high impact security events.

When Aranei was seven she truly believed she could one day train turtles in the Galapagos. Unfortunately she came to the realization that such a thing could never happen. A couple of years later, she decided to be a conference producer and has never looked back. The best part of her role is exploring different sectors and getting in-depth insights from thought leaders and well-experienced specialists from varying sectors.

1 comment :

  1. Thank you for the informative article!
    Yes, it has become a usual thing to hear about cyber-security everywhere. First of all we should understand what value this or that personal or business information has. If you present a huge company with tons of important business data, it is better to use a virtual data room like Ideals data room for holding it in there for security reasons. But if you are just an individual that has nothing to hide from the world, whether it is personal data or social activity, there is nothing to fear, you will probably stay unnoticed by hackers.