ETL Blog

4 minutes reading time (781 words)

Is cyber security still being side-lined and if so why?

FightBack_219655588-Small-Web

Technological developments are taking place at an incredible speed which enables businesses to be more efficient, in terms of both time and money. Despite these benefits, technological advancements have also brought a new set of threats and challenges that many businesses have never experienced before. As a result of this, companies need to learn how to deal with these new phenomena in order to best protect themselves.

The recent global ransomware attacks on the NHS and other services have brought cyber-security into the limelight. Cyber-security is defined as the protection of all systems, networks and data from theft, damage or disruption (itgovernance, 2017). It has been reported that there have been attempts to attack organisations beyond the National Health Service (National Cyber Security Centre, 2017). It is therefore vitally important that businesses of all sizes prioritise online security as an area that is worthy of investment.

Why is it vital for all companies to invest in cybersecurity?

Cyber security is not a problem that can be fixed indefinitely with the purchase of one particular piece of software. It is dynamic and ever-changing, therefore requiring an ongoing process of risk assessment and safeguarding. Cyber-attacks are almost impossible to predict but with sufficient security and preventative measures, their impact can be minimised.

Hackers are constantly learning new tricks and developing new ways to breach security measures. Cyber criminals are able to buy inexpensive hacking software from the internet, meaning that it is becoming increasingly easy for these individuals to get hold of private information and misuse it.

The insider threat to a business from its' own staff and contractors should not be overlooked. Internal security procedures and policies must be communicated effectively to staff at induction and on a regular basis thereafter.

So, what is stopping companies from investing?

One common reason why financial decision makers may decide not to invest in cyber security for their business is because of the idea that 'if it ain't broke, don't fix it'. If the company has not been targeted before, they may not see any reason to invest further into cybersecurity measures. In reality however, an attack could be imminent which could potentially have devastating effects on the business. The fact that a business has not been targeted in the past does not mean that it will not be targeted in the future; a realisation that is reinforced by the recent ransomware attacks on the NHS.

A common misconception by some companies is that simply complying with relevant security legislation is enough to protect them. The ISO 27000 family of standards, for example, helps organisations of all sizes to keep its information secure through providing recommendations for an Information Security Management System (ISO, 2017). This will help a business to protect its information assets in cyberspace, but alone it is not necessarily enough to protect them from a targeted ransomware attack. Some CEOs or financial decision makers may have a lack of knowledge or awareness about the level of risk, therefore not enough investment is put into cyber-security.

What does the solution look like and how can we get there?

To put it simply, there is not one overall solution to protect a company from cyber-attacks, but there are many different measures which can be implemented to reduce the harmful effects of an attack. It is about finding and fixing problems – not building huge defences. It is probably impossible for a company to be 100% protected against cyber-attacks. The focus should be on creating an internal process which finds bugs or vulnerabilities and works to restore them - in turn improving the cyber-security of the business.

Another way that a business can be made safer is to ensure that financial decision makers understand the detrimental impacts that a cyber-attack could have on the company, for example; loss of sensitive data, negative effects on the company's reputation, the significant financial cost of a breach to the network and the reduced productivity in the long-run.

Finally, it can be very helpful to liaise with other companies within the same industry sector to discover the cyber-security measures that they are adopting and how effective these are. This is useful in highlighting your company's current position and what needs to be improved in the future to bring the company into line with other market leaders.

Simple precautions that all companies can take in order to avoid 'Ransomware' attacks:

Recommendations by the National Cyber Security Centre (Part of Government Communications Headquarters) are as follows:

  1. Keep your organisation's security software patches up to date
  2. Use proper antivirus software services and ensure they are also kept up to date
  3. Most importantly for ransomware, back up the data that matters to you, because you can't be held to ransom for data you hold somewhere else.

References:
CTO Andrew Sheldon talks to Schools Equipment News...
4th edition of Electronic Evidence published

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 16 June 2019

EasyBlog - Latest Blogs Module

EasyBlog - Random Post Module

10 October 2017
Digital Forensics
Blogs
Spektor
Evidence Talks' new SPEKTOR Module 'Rapid Imager', enables faster and new approaches to image acquisition. It offers the ability to store multiple streams per container using an AFF4 format, saving th...
05 May 2017
News
Contributions
CTO of Evidence Talks Andrew Sheldon has worked as a contributing author on the 4th Edition of Electronic Evidence.In this updated edition of the well-established practitioner text, Stephen Mason and ...
04 April 2017
Digital Forensics
News
Spektor
Awards
​SPEKTOR Cascade Forensics recevices Highly Commended accolade at the 2017 ADS Security Innovate Awards.Download Press Release Here...
07 November 2018
News
Cyber Security
Events
NGS demonstrated the latest SDrive demo kit at the Homeland security expo Vietnam 2018 ...
11 October 2018
Digital Forensics
News
Cyber Security
Spektor
Events
This week saw our Annual Conference cover top themes in Digital Forensics and investigations. A special thank you to Bedfordshire Police for talking about SPEKTOR successes in their Digital Triag...

Subscribe To Our Newsletter

Copyright. All Rights Reserved Evidence Talks 2018
Click here to see our Privacy Policy