The Lastline Daily Dose program supports National Cyber Security Awareness Month (NCSAM) with daily tips and advice to help individuals and organisations detect and prevent malware-based cyber attacks. Last week’s theme took readers through the basic steps to ensure online safety, including backing up data, flagging keywords used in email attacks and not re-using passwords.
The theme for week 2 of NCSAM is “cyber security in the workplace is everyone’s business”. Here are the daily doses of advice for October 7-13.
Criminals aren’t standing still, so you can’t either: complete a risk assessment yearly & keep security controls updated.
Our adversary is formidable, supported by organised crime and state-sponsored crime rings. Crimeware is evolving at an astonishing speed. It’s just not possible to defeat tomorrow’s threats using yesterday’s technologies. It’s surprising how many corporations are using decades-old security technologies.
There is no shortcut when it comes to cyber security. Too many organisations approach it as a checklist item they have to hurry through, resulting in half-baked policies and plans. Bad plans lead to bad results.
Here are some additional roadblocks to adequate, effective security that many enterprises face.
Prioritise cyber security, including at the board level. Highlight the business benefits and the financial & branding downside of a breach.
It’s not enough for senior management to merely accept investments in security; they need to demand highly effective security. To do that, they must understand the risks, such as a tarnished brand, financial loss, and customer churn, but they also need to understand the business benefits: the ROI on their investment. These can include a competitive advantage that increases revenue as you pick up clients who abandon competitors after their data breach is exposed.
Readers might be interested in Lastline’s recent blog post about the progress that is being made, admittedly slowly, toward board room awareness and support for security investment.
Employees are your weak link: train, train, and train some more on detecting phishing and other social media attacks.
In a large-scale study by Verizon, 23% of recipients immediately opened phishing messages, and 11% of them went on to click on a link or open an attachment. You can be sure that all of those people have been warned about phishing.
Just as interesting, and worrisome, is that it happens fast. It takes an average of only 82 seconds from the time an attacker launches a phishing campaign until the first victim takes the bait and clicks a malicious link.
And the users are completely unaware that anything bad is taking place. This isn’t just occurring with personal accounts. It also takes place at businesses and government agencies where the consequences can be dire.
Keeping employees, and therefore your company, safe involves carrots and sticks. Here are 11 suggestions for how to prevent a successful phishing attack.
Make patching a high priority—Old vulnerabilities with an available patch cause more damage every day than zero-days.
The WannaCry attack earlier this year is a particularly visible example of the importance of patching. It exploited a vulnerability in the Windows SMB service, which had been patched, but many companies did not install the patch. And the list of additional vulnerabilities is seemingly endless – and these are just the known vulnerabilities.
Given the number of systems and applications that IT departments manage, keeping everything patched is understandably a challenge. Using patch management software can ease the burden. TechTarget’s recent article is helpful for understanding how these work and selecting the version that fits your needs. If you’re a Gartner client, they also published a helpful report on patch management solutions.
Don’t let breaches go undetected for weeks or months. Here are 7 steps to speed detection.
Many organisations that experience a breach won’t learn about it for months, or even years. During that time, today’s fast-paced cyber attacks can cause significant damage to a company and its customers.
Staying up to date on the latest attack schemes and techniques, and leveraging readily available threat intelligence, are among our recommendations for improving breach detection. Lastline’s recent blog post explores these further and offers five more tips to help enterprises quickly detect a pending or actual data breach before it causes widespread harm.