Cyber Security - everybody is talking about it but who understands it?
A day does not go past when the subject of Cyber Security does not appear on our radar one way or another. The general media occasionally react to the Whitehall PR machine and provide general coverage; the CyberStreet campaign has had a great deal of coverage through radio in particular; professional bodies are doing their part to update members; and of course, the IT industry is trying hard to sell the solutions that business needs.
The questions are – Are we listening? Do we understand? and Are we acting on advice?
To coin a phrase – We are not getting three ‘Yes’s in answer and that’s for sure!
Regrettably the general responses include ‘It won’t happen to me’, ‘This only affects big businesses’, ‘We have everything covered’ and so on.
The truth of this matter is that every business and organisation connected to the Internet is under threat from both external security attacks and internal security leakages and damage. The latter is all too often forgotten in the arena of Cyber Security which is essentially about the protection of data.
There are statistics on attacks available to scare all sizes of businesses and from any sector, and the authorities do not have the means to investigate all the incidents, hence why the Government has been strengthening the capability to react to major cyber-attacks with bodies such as CERT UK (Computer Emergency Response Team). Furthermore the communication to all organisations on this subject has been increased.
There are growing trends in the methodologies used by cyber-criminals such as Social Engineering. The cyber-criminal utilises public information to gain information of connections between people and businesses and to present, for example, malware affected emails that carry more credibility as they appear to be sent by a recognised source. Once the recipient has opened the email and an attachment, the malware can be delivered to their system enabling the cyber-criminal to do even more social engineering.
There are a number of steps that must be taken to minimise the likelihood of a successful attack which can often take months to be noticed and identified. The ICAEW (Institute of Chartered Accountants in England & Wales) has produced a 10 step guide which can be accessed through this link – ICAEW 10 steps to Cyber security.
Yellowspring provides a Cyber Security review and report service to help businesses identify weaknesses within systems and to provide actions to minimise the risks. Please contact Maria West on 01268 494160 or email firstname.lastname@example.org