Cyber security has often been ignored by businesses and the general public. Many still labour under the impression their data is of no interest to anyone else. If you still think like this it’s time to wake up and smell the coffee.
According to James Scott, a senior fellow at the Institute for Critical Infrastructure Technology:
There are only two types of networks – those that have been compromised and those that are compromised without the operators of awareness.
Think about that from moment. It’s a blunt and scary scenario but not something that should make us run for the hills. We need to develop realistic and robust approaches to the ever-increasing cyber threats we’ll face now and in the future. It’s a dynamic threat that will morph and change by the hour.
This weekend the news broke about a hack at the seat of the Westminster email system. It really doesn’t matter where you are or what you do. As cyber threats continue to evolve it is obvious that cyber security needs to be as agile, flexible and as creative as your own business model and approach to life.
On Friday Virgin Media warned a section of its customers that if they used a Super Hub Router then it would be necessary to reset their passwords after hackers were found to have the ability to gain access, although no breach had occurred.
You might think this shows how savvy big companies have become. How great is that to be advised before a hack occurs? Sadly, this is not the case. Which? magazine undertook an investigation whose results demonstrated that it would only take around four days for hackers to be able to access most home networks.
You could say that is only the work of ethical security researchers that prompts big businesses to take action. A company may well say their legacy systems are incapable of encryption but that’s not true. Others may say they upgrade their systems and equipment ‘to ensure industry standards are met’. But that’s not enough. Cyber security threats mutate like viruses. Organisation cannot rest on their laurels and neither can we.
Look at it this way you may well secure your business network but think again when you access it through a home computer for example. There are many vectors along which you can be compromised. Everyone has to believe they have been compromised until you can prove otherwise. It really is that simple.
If you have a CCTV camera system with internet access, you may find your personal activities might be watched over the internet. You may even assist criminals, by telling the cameras to film just when you are present or not. You cannot connect to the IoT with impunity.
With so many Bluetooth devices available, the opportunities for compromise increase daily. Certainly it’s a contemporary issue and something everyone needs to consider.
The health care industry and the governments are both very vulnerable. Their vulnerabilities affect each one of us. We need to consider our own security very carefully and make it a part of something we think about and attend to regularly. The problem is right now the average breach is not detected, let alone reported, for more than 200 days.
So what should you do about your business cyber security in 2017?
- The most important aspect is to shift your organisation’s security to the very top of your to-do list.
- Learn that security cannot be compromised for convenience.
- Tell everyone that 1% spent on security will produce a 5% reduction in security incidents.
- Prioritise data protection. If you are in the UK or the EU then by 2018, the General Data Protection Regulation (GDPR) will be in force. Fines for non-compliance will be enormous.
- Review any old or outdated technology.
- Encrypt data when it’s stored, when it’s transmitted and when it’s processed. Most only shield data when it’s actually being stored.
- Review your firewalls. They will not actually prevent traffic interception.
- Don’t assume your current provision covers you. It’s not enough to think you’re covered you need to find out for definite and keep asking the question.
- Make sure you find help with enterprise key management, encryption, data masking and tokens as appropriate.
Being hacked is a part of contemporary life
It’s safe to say that you probably cannot stop a persistent attack. It’s likely your systems will be penetrated: we have to live with that. However, what we can do is to ensure but even if access to critical systems occur, sensitive information should be protected in such a way that little can be done with it. What you want is a situation where stored data cannot be accessed without huge investment in resources and time. It’s the same as upping your home security. No one can prevent a determined criminal but you can make them feel the risk outweighs the gain and time required.
The other important aspect to the cyber security debate is how well prepared your staff are not to betray you. This sounds dramatic but you can spend significant money on security systems but if a member of staff succumbs to spear phishing or distributed denial of service campaign, then your whole system can be compromised. Are your staff equipped to deal with this potential before they make an error? Are they still keeping sensitive passwords in a desktop file named Passwords? #justsaying.
Read this article about how to identify and avoid pfishing scams here.
This is where machine learning and artificial intelligence could make a huge difference. What behavioural intelligence can do is dynamically detect and deal with suspicious activity before any malicious code can be executed on any system. Behavioural analytics and even deeper learning algorithms can be utilised to detect and prevent or mitigate breaches whose starting point was human error or even a threat from the inside.
If you are interested in reading further regarding the hyper evolving threat landscape then read this detailed publication from The Institute for Critical Infrastructure Technology
About the author
Vivienne Neale is an associate visiting researcher at the University of Hertfordshire’s Cyber Security Centre. She is also a digital marketer and director of VKN Digital, marketing agency in Hertfordshire, UK.
We aim to help SMEs overcome marketing hurdles and create compelling digital content to drive results. If your website needs a refresh, new content, a rebrand, some general housekeeping – or perhaps you’re looking to build a new one from scratch – please get in touch via our contact page. We can also help with SEO, design and social media providing a one stop shop to make your marketing life easier.Tags: cyber security, hackers