Dear friends, since I started writing for #InfoSec, #DataPrivacy and #CyberSecurity teams, I have received a lot of messages on one simple theme, i.e. "How do I protect my company from cyber threats and attacks?" Attack attempts and volumes have increased by 151% in the first half of 2021 alone, as compared to 2020, and so this question is not surprising.
www.statista.com tells me that the number of attempted attacks in 2021 YTD is over 300 million (!) as compared to a similar number for the whole of 2020. With this background, the topic for this week's roundup is.....
“It takes 20 years to build a reputation and
few minutes of cyber-incident to ruin it.”
?
~ Stephane Nappo (Global Head Information Security
Société Générale International Banking)
The world is witnessing a continuous change in cyber threat vectors and landscape. Organizations that understand the fact that cyber security is ‘no longer an optional investment’ will more successfully handle cybersecurity challenges and remain resilient. That said, the extent of damage from cyber-attacks can be prevented by addressing the basics of People, Process and Technology, in equal measure.
Here are some steps organizations can take to reinforce cybersecurity and stay protected from cyber-attacks.
- People are often the prime target and starting point for a cyber-attack. Employees continue to increase their digital footprint without being aware of the associated risks.?
- And hence CISO's need to focus on cybersecurity awareness by conducting regular trainings as part of a well orchestrated cyber security training program - focused on prevalent and emerging cyber threats, to secure the fast-expanding digital world they live in.
- Create and implement policies for taking appropriate administrative actions or even penalties for repeat offenders goes a long way in creating a kind of deterrence.
- While there is no guarantee of success, I have seen that the involvement of leadership in context setting and creating a cyber security strategy goes a long way.
- Building a good cyber security process and associated policies starts with creating frameworks for information governance and defining procedures that can be measured over a period.
- ?Processes define the detective, preventative and responsive security controls. This means processes are put into place to support the integrity of a security system and assets which includes network, device, information and people.
- Detective controls like regular audits and reviews (testing) make sure organizations are following best-practices and are geared to handle software and data securely.
- Good cyber security processes also help with legal and regulatory compliance requirements. Non availability of auditable logs and digital evidences is not an excuse for non-compliance :)
- Investing in robust security tools and technologies is a no brainer, to begin with. There is a significant rise in malware, ransomware, phishing attacks. As a result, organizations need powerful, fast, and secure detective solutions for PCs, mobiles, and other devices.
- With the amount of data multiplying every day, using automation for security and information governance is an imperative as well.
- Keep all your hardware and software up to date with the latest security updates and patches. Avoid using use EOL/EOS systems as any weakness in security infrastructure may lead to cyber-attacks.
- Make your incident response lightning speed by developing inhouse capabilities in forensics/ investigation technologies (or use managed services from other service providers).
- Integration of technologies in threat detection - such as threat intelligence, artificial intelligence, and machine learning will enhance incident management capability.
?That’s is for this time. More to come soon!
*******************************************************
Disclaimer:?All views expressed on this article are my own and do not necessarily represent the opinions of any entity I have been, am or will be affiliated. Images can be used for non-commercial purposes - just do the right thing, and give credit where it is due!
