ETL Blog

4 minutes reading time (781 words)

Is cyber security still being side-lined and if so why?

FightBack_219655588-Small-Web

Technological developments are taking place at an incredible speed which enables businesses to be more efficient, in terms of both time and money. Despite these benefits, technological advancements have also brought a new set of threats and challenges that many businesses have never experienced before. As a result of this, companies need to learn how to deal with these new phenomena in order to best protect themselves.

The recent global ransomware attacks on the NHS and other services have brought cyber-security into the limelight. Cyber-security is defined as the protection of all systems, networks and data from theft, damage or disruption (itgovernance, 2017). It has been reported that there have been attempts to attack organisations beyond the National Health Service (National Cyber Security Centre, 2017). It is therefore vitally important that businesses of all sizes prioritise online security as an area that is worthy of investment.

Why is it vital for all companies to invest in cybersecurity?

Cyber security is not a problem that can be fixed indefinitely with the purchase of one particular piece of software. It is dynamic and ever-changing, therefore requiring an ongoing process of risk assessment and safeguarding. Cyber-attacks are almost impossible to predict but with sufficient security and preventative measures, their impact can be minimised.

Hackers are constantly learning new tricks and developing new ways to breach security measures. Cyber criminals are able to buy inexpensive hacking software from the internet, meaning that it is becoming increasingly easy for these individuals to get hold of private information and misuse it.

The insider threat to a business from its' own staff and contractors should not be overlooked. Internal security procedures and policies must be communicated effectively to staff at induction and on a regular basis thereafter.

So, what is stopping companies from investing?

One common reason why financial decision makers may decide not to invest in cyber security for their business is because of the idea that 'if it ain't broke, don't fix it'. If the company has not been targeted before, they may not see any reason to invest further into cybersecurity measures. In reality however, an attack could be imminent which could potentially have devastating effects on the business. The fact that a business has not been targeted in the past does not mean that it will not be targeted in the future; a realisation that is reinforced by the recent ransomware attacks on the NHS.

A common misconception by some companies is that simply complying with relevant security legislation is enough to protect them. The ISO 27000 family of standards, for example, helps organisations of all sizes to keep its information secure through providing recommendations for an Information Security Management System (ISO, 2017). This will help a business to protect its information assets in cyberspace, but alone it is not necessarily enough to protect them from a targeted ransomware attack. Some CEOs or financial decision makers may have a lack of knowledge or awareness about the level of risk, therefore not enough investment is put into cyber-security.

What does the solution look like and how can we get there?

To put it simply, there is not one overall solution to protect a company from cyber-attacks, but there are many different measures which can be implemented to reduce the harmful effects of an attack. It is about finding and fixing problems – not building huge defences. It is probably impossible for a company to be 100% protected against cyber-attacks. The focus should be on creating an internal process which finds bugs or vulnerabilities and works to restore them - in turn improving the cyber-security of the business.

Another way that a business can be made safer is to ensure that financial decision makers understand the detrimental impacts that a cyber-attack could have on the company, for example; loss of sensitive data, negative effects on the company's reputation, the significant financial cost of a breach to the network and the reduced productivity in the long-run.

Finally, it can be very helpful to liaise with other companies within the same industry sector to discover the cyber-security measures that they are adopting and how effective these are. This is useful in highlighting your company's current position and what needs to be improved in the future to bring the company into line with other market leaders.

Simple precautions that all companies can take in order to avoid 'Ransomware' attacks:

Recommendations by the National Cyber Security Centre (Part of Government Communications Headquarters) are as follows:

  1. Keep your organisation's security software patches up to date
  2. Use proper antivirus software services and ensure they are also kept up to date
  3. Most importantly for ransomware, back up the data that matters to you, because you can't be held to ransom for data you hold somewhere else.

References:
CTO Andrew Sheldon talks to Schools Equipment News...
4th edition of Electronic Evidence published

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 16 December 2018
If you'd like to register, please fill in the username, password and name fields.

EasyBlog - Latest Blogs Module

EasyBlog - Random Post Module

15 June 2017
Cyber Security
Blogs
Digital Forensics
Technological developments are taking place at an incredible speed which enables businesses to be more efficient, in terms of both time and money. Despite these benefits, technological advancements ha...
30 October 2017
Events
Spektor
News
Digital Forensics
​The 2017 SPEKTOR Workshop highlights advances in digital forensic operations. Download the full press release Here...
22 May 2018
Blogs
Cyber Security
Spektor
 A fundamental design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed.'Meltdown'...
28 July 2017
Digital Forensics
News
Events
Our CTO Andrew Sheldon presents at the 29th Annual Crimes Against Children Conference.  Read the full press release Here...
07 November 2017
News
Appointments
Digital forensic triage specialists, Evidence Talks, has appointed Ashley Lane as its new CEO, while Elizabeth Sheldon, steps up to the role of Chairman.Download the full press release Here ...

Subscribe To Our Newsletter

Copyright. All Rights Reserved Evidence Talks 2018
Click here to see our Privacy Policy