Cyber-crime is now considered one of the biggest threats to the stability of the UK economy and the industries that underpin it. In the first part of our Cyber Security Awareness series, our industry experts discuss the growing challenge businesses face from cyber-crime today and how to defend against an ever-changing threat landscape.
The modern cyber threat landscape has evolved significantly in the last few years, with the types of attacks (both targeted and un-targeted) becoming increasingly more sophisticated and harmful than ever before. There has been an alarming rise in the number of incidents reported over the last 12 months, with several high-profile attacks including the widespread WannaCry ransomware outbreak, the infiltration of Deloitte’s worldwide email platform and more recently the breach of Equifax’s customer data. Every business, organisation and institution across the globe is a potential target, regardless of industry, size or value.
However, there is a major concern that many businesses and established enterprises are simply not prepared for the rapidly rising trend in cyber-related crime. According to a recent survey published by the Department for Digital, Culture, Media & Sport (DCMS); nearly half of UK businesses (46%) who participated in the survey have been subject to at least one cyber security breach or attack in the last 12 months. In contrast, only a third of businesses surveyed (33%) have a formal policy that covers cyber security risks and only one in ten (11%) have a cyber security incident plan in place to deal with any attacks. These statistics highlight the vast opportunity that is widely available to cyber criminals as a result of the cyber security gap that exists throughout modern businesses right now.
Understanding the underlying risk.
Cyber-crime has grown in sophistication, scope and frequency. Techniques employed by cyber criminals are rapidly changing, with a dramatic increase in phishing and ransomware attacks originating outside the UK. With the pace of continual technology change and innovation, a reactive approach to cyber security is no longer a practical method of tackling the risks that exist today. Businesses need to be proactive and prepared to stay ahead…
The motivation behind modern day cyber-crime is extremely varied; from financial gain, extortion, corporate espionage to creating a political advantage and even interfering with diplomatic processes. In some cases, attackers are simply demonstrating their superiority and skill amongst the growing community of cyber criminals. However, the underlying risk to organisations remains the same regardless of the motivation behind an attack and can have very serious consequences both socially and economically.
Cyber-attacks are usually intended to cause as much disruption to a business as possible or expatriate valuable information without detection. Either aim can have significant consequences and can cause serious financial loss and reputation damage. Being able to proactively defend a business against cyber-attacks starts with business leaders having a well-rounded understanding of the internal and external vulnerabilities the organisation may face. Identifying points of weakness and having a plan to address them is by far one of the best protection strategies available.
In a report marking the first anniversary of the UK’s National Cyber Security Centre (NCSC), 1,131 cyber security incidents were reported in the organisation’s first year of operation with 590 being classed as ‘significant’. In May 2017, the NCSC were responsible for leading the response to the largest ransomware outbreak in history, dubbed WannaCry, that affected 47 NHS trusts and disrupted healthcare services across the UK. However, while the NCSC do a great job in safeguarding the UK from increased hostile activity, they simply can’t identify every emerging threat and stop every attack. Therefore, businesses must be prepared in protecting themselves from this major threat.
Protecting your business from common threats.
Essentially, the key principle of cyber security is to reduce the risk of a cyber-attack and protect an organisation (and its individuals) from deliberate exploitation and damage. An effective cyber security strategy consists of technology, processes and controls that are designed to protect systems, networks and information from exploitation. While technology plays a critical role in mitigating risk, so does ensuring robust physical security and building a culture of awareness amongst your employees, customers and partners. Strong cyber security practices are not just an IT concern, it is equally important that business leaders across an organisation recognise and embrace their responsibility’s in tackling this complex challenge.
Therefore, it is paramount that every business takes the steps necessary to protect its digital assets, information and people from common threats as much as possible. Here are our five key considerations to safeguard your business from common cyber security threats:
1. Be prepared. Plan for disaster.
The unfortunate reality is that sometime in the near future, your business will experience some form of cyber-attack. So, business leaders need to expect it and prepare for it. By identifying the threats that may impact your business and creating a plan to deal with them, should they become a reality, is an extremely important step in building a robust cyber security ecosystem in any organisation (small or large).
To be effective, we recommend every organisation creates a detailed plan that addresses five key areas. Once complete, make sure that every stakeholder is familiar with it and knows what their specific role is, if an incident were to occur.
- Identify every asset in your organisation that needs protecting, including making sure you know where all your corporate data resides and who has access to it.
- Assess and understand how each asset identified should be protected, clearing defining what controls and measures are necessary to protect each one.
- Create robust mechanisms to detect and monitor rogue activity so those responsible can react quickly when they occur with a clear perspective of what’s actually happening.
- Define what steps need to be taken and by who to successfully respond to an incident in the form of an operating procedure, checklist or incident playbook.
- Build a comprehensive recovery plan so that if disaster strikes, the entire organisation understands what to do and how to recover systems that have been impacted by a breach or attack.
2. Build in resilience with layers.
We are huge advocates of adopting a layered approach when building cyber security defences. An effective layered approach starts with the practice of combining many security controls and capabilities to create a defence strategy that can resist even the most sophisticated types of attacks. The aim is simple – to thwart an attacker by slowing them down, giving you the opportunity to detect the attack before any serious damage has been caused or assets compromised.
A resilient security strategy combines implementing preventative, detective and corrective controls across a number of common layers – including human and physical layers along with network, application and data layers. From perimeter network security using advanced firewalls, to whitelisting corporate applications and ensuring endpoints have secure configurations – all of these individual controls create an effective digital fortress that collectively deter attackers.
There are various security-related technologies available in the marketplace today, many of which offer advanced capabilities in protecting corporate networks and systems – however there is no single solution that will provide adequate coverage across all layers and all controls. When developing a security strategy, it is important to start with a holistic view of the capabilities your organisation needs the successful defend itself.
3. Protect your endpoints and devices.
Unsurprisingly, a key preventative measure in establishing a robust cyber security defence is ensuring that every endpoint or device that has access to a corporate network is secured with appropriate protection capabilities. This includes traditional workstations (desktops and laptops) as well as mobile devices, smartphones and tablets. While this might seem obvious, many organisations overlook this fundamental defence measure and have inadequate protection capabilities.
Malicious software, in the form of malware, viruses and ransomware, can cause material harm and disruption extremely quickly once a device has been infected. By preventing code known to be malicious or from an untrusted source from reaching or executing on a device is the first step, however monitoring the integrity of devices and identifying those that are compromised is equally as important. Being able to analyse and assess the health of your company estate at any time is invaluable and can prevent a single compromised device evolving into a much bigger attack or breach.
This also means making sure your devices are always up to date with the latest software patches, in addition to implementing robust malware protection capabilities. Software vendors regularly address known technical vulnerabilities that can be exploited an attacker – making sure software is up to date greatly reduces the risk of a vulnerability being exploited. Maintaining a robust patching regime is a fundamental approach to reducing the opportunities available to an attacker and involves considerably less time and effort that addressing and responding to an incident after a vulnerability has been exploited.
4. Be aware of the insider threat.
Many organisations simply focus on protecting and defending their external perimeter, which is only one piece of the cyber security puzzle. One of the most challenging vulnerabilities to remediate is that of human beings. Many attacks now originate from inside an organisation and often rely on social engineering techniques – or human-to-human interaction utilising psychological manipulation to target common human vulnerabilities. Social engineering attacks are now prevalent in today’s society, and have been the root cause of many high-profile breaches in recent months. Many attackers will now prey on human weakness so their target unwittingly provides the access or information required to successfully penetrate an organisation’s internal network. Popular tactics include the use of baiting, phishing, pretexting and water holing – all of which can be extremely successful techniques for a determined attacker.
The most effective countermeasure in defending against social engineering attacks is awareness. Enabling your employees to be able to prevent social engineering attacks through education is the best starting point in building a defence against this emerging threat. This requires a good understanding of the threat they might be subjected to and how to identify them. We always advise our clients to embrace cyber security and make it part of the organisation’s culture. Giving employees a sense of ownership when it comes to good security practice will help to encourage the cultural change necessary to defend against even the most sophisticated social engineering attacks.
5. Test your defences. Then test again.
Finally, to have confidence in the security system your organisation has built – it must be tested to prove each component can handle threats effectively. This includes testing each capability and every control across your organisation’s technology, people and processes again and again on a regularly basis. The process to test and validate your organisation’s defences should be an integral part of your cyber security strategy.
Not only does a regular testing approach give you and your teams the opportunity to remediate any gaps or weaknesses in your defences before they are exploited by an attacker, but everyone will have a good understanding of how the system and its components will perform when under attack.
Prodera Group is already helping businesses tackle the growing cyber security challenge. To find out how we can help your business protect and safeguard your digital assets, please contact us today by sending us a message or call +44 (0) 845 154 3560.