There are proactive steps a business can take to mitigate these threats:
1. System Hygiene
Everything starts with a proactive, managed approach to keeping computer systems clean and secure: monitoring desktops and servers for intrusions, keeping routers and firewalls correctly configured and patched to current firmware and operating system versions, and making sure that staff do not plug unknown devices into their machines. Treated as routine maintenance tasks, these activities stop basic low-level issues from becoming major incidents. It is a small investment of time and money with a disproportionate effect on keeping your business safe, and, like insurance of any type, you will be glad of it in the long run.
2. Planning
No plan survives contact with a real incident unchanged, but the planning process itself is a vital weapon. If the senior management team understands how to react to a cyber-attack and has a number of documented options available in advance, it can act quickly to stop a problem from escalating. The senior team needs to work through the forms of attack the business is exposed to and prepare a response for each kind of incident. Those responses should be made available to staff, reviewed at regular intervals and rehearsed: training key staff members on how to respond to an attack is vital, because a plan that has never been exercised will not be followed under pressure.
3. Risk Profiling
Not all cyber-attacks are created equal. A company is in a strong position if it can recognise patterns of attack: what has already happened, and what typically comes next. That knowledge gives it a far greater capability to build a bespoke defence for each problem and to know when to act and where to look. Different digital assets may require vastly different approaches to keeping them secure, and most cyber-attacks will not be beaten by a one-size-fits-all approach. Create risk profiles for the different kinds of attack and have a response fit for each.
4. Metrics
During a cyber-attack you are unlikely to have the option of working at high levels of detail; it matters more that you act quickly than that you act precisely. Focus on being agile in your responses, working from rough figures and estimates rather than exact numbers, so that the response does not grind to a halt through analysis paralysis. Run simulations beforehand, record the numbers and define ranges you can recognise, each with an agreed response, so that decisions during an incident are made against thresholds set in advance rather than improvised.
5. Risk Mitigation
Your company needs to spend time and money to mitigate the risk of a cyber-attack. Some of these measures seem like common sense, yet many companies still fail to put them in place:
Training: Make sure all your staff understand their role in cyber security, and actively engage them in discussions about how the company's protective stance can be enhanced.
Certification & Compliance: Even if your company is not software or technology focused, go through certification against ISO 27001, the information security management standard, alongside ISO 9001 for quality management; of the two, it is ISO 27001 that directly addresses the security of your information. Follow the controls you have committed to and regularly re-audit yourself: the value is in the ongoing discipline, not the certificate on the wall.
Policy & Procedure: Write specific policies and processes for the company that allow new habits to form among staff. Bring Your Own Device policies, rules on removable media such as portable hard drives and USB sticks, policies on accessing external systems, and physical security rules will all help mitigate risk.
6. Cyber Insurance
In the modern era it would be remiss for a company that holds personal information or sensitive data not to carry cyber insurance. These policies cover the loss of data or information from IT systems or networks and, depending on the policy, associated costs such as incident response, customer notification and business interruption; check what is actually covered before you buy. The average cost of a cyber-security breach quoted at the time of writing is £600k to £1.15 million, so typically £2.5 million of cover seems a minimum policy amount, though it should be sized to your own exposure. Insurers will also typically expect the basic controls described above to be in place before they will pay out. There is good guidance on cyber-insurance cover available from the Association of British Insurers.
7. Go!
Press the go button and put everything into place. Cyber-security plans are often left unimplemented because of the "it can't happen to us" syndrome. If you have gone to the extent of planning, the implementation should be easy and straightforward. Don't become the victim of a cyber-attack for the sake of taking the last steps of implementing your cyber-security strategy!
7 Measures for Business Cyber Resilience by Dave Sharp
Monday 1 August 2016
There are ever increasing threats to business in cyberspace. DDOS, Ransomware and Phishing to name but a few.