As we’ve written previously in Part 1 and Part 2 of this cyber security blog series, network and IT security is an issue which every business must take seriously, no matter how many employees or customers it has, and regardless of the sector it operates in.
The threat of cyber-attacks such as ransomware grew exponentially during 2018 and is predicted by experts to continue rising in 2019.
An effective cyber security policy brings together a range of measures to create an overarching strategy.
In this final article about the steps you need to take to guard your organisation against risk, we explore five further measures which should be included in your approach.
- Security Assessments
It’s impossible to build an effective cyber security strategy if you don’t know the nature of your current risk profile. Your network and communications infrastructure alone – particularly if some or all of your workforce is mobile or works remotely – comprises multiple points of vulnerability.
Constant changes and different points of access, new devices and varying work locations all present potentially new risk areas, as the sources of threats to cyber security defences shift.
In order to ensure that the security measures in place are a match for these changes, the level of risk and the policies already in place need to be fully assessed on an on-going basis.
Penetration testing will identify the kind of vulnerable points that hackers may target, while training followed by an assessment of your employees’ approach to cyber security will identify areas in which further training or guidance is required. Regular assessments are already a requirement of ISO 27001.
- Multi-Factor Authentication
Multi-factor authentication shifts the emphasis of cyber security away from reliance on passwords – which users tend to keep simple, forget or use in the same place again and again.
If hackers or cyber criminals get hold of any password used by a single user, it may potentially compromise the entire business. A multi-factor authentication solution places more barriers between the criminals and your data, and mitigates against repeated or widespread use of soft passwords.
Often referred to as security via “something you know and something you have”, multi-factor authentication relies on a user having a password plus some other form of credential, such as a security token, the answer to a secret question or biometric verification. Practical examples of multi-factor authentication include:
- Logging onto a site via a single use password sent to a phone or email address.
- Entering a PIN and answering a security question.
- Scanning a fingerprint.
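The first example in the list, a single-use password sent to a phone or email address, depends on server-side checks that the code expires, works only once and cannot be guessed repeatedly. The sketch below is an added example, not code from the original article; the class name, the five-minute lifetime and the three-attempt limit are assumptions, and it covers the second factor only.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of an issued code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per issued code


class OneTimeCodeStore:
    """Hypothetical second-factor store: issue a short-lived code, verify it once."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [code_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Fixed-length digests let any submitted string be compared in constant time.
        return hashlib.sha256(code.encode("utf-8")).digest()

    def issue(self, user):
        """Create a 6-digit code to be delivered to the user's phone or email."""
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[user] = [self._digest(code), expires_at, MAX_ATTEMPTS]
        return code  # a new code replaces any earlier one for this user

    def verify(self, user, submitted):
        """Return True only for the current, unexpired, not yet used code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry[1]:
            del self._pending[user]  # expired codes are discarded
            return False
        entry[2] -= 1                # every attempt counts, right or wrong
        ok = hmac.compare_digest(entry[0], self._digest(submitted))
        if ok or entry[2] <= 0:
            del self._pending[user]  # single use, or guess limit reached
        return ok
```
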
- Dark Web Research
Many of the cyber security threats which organisations face originate on the dark or deep web.
This is the huge mass of networks which operate beneath the visible internet, within which hackers can plan attacks and the information taken during those attacks can be offered for sale.
All too often, organisations only become aware of the role which the dark web plays in cyber-attacks after the event, when investigations help to identify the origin of the attack or the use which is being made of the stolen data. On-going research and monitoring, on the other hand, makes it possible to spot potential threats before they materialise.
Dark web research could identify attacks being planned, changes in the techniques used or even the fact that an attack is in progress, as hackers try to quickly turn stolen and hacked data into profit.
At the very least, being in touch with what’s happening on the dark web may enable you to spot a potential breach quickly, close down the vulnerability and minimise the impact.
- SIEM (Security Incident & Event Management)/Log Management
Security Incident and Event Management (SIEM) and log management are vitally important components of your overall security armoury because together they provide critical data on the real-time health and status of your network and communications infrastructure.
The devices and networks in your company produce vast amounts of data in the form of logs, detailing how each device or app has been used and when and where users have logged on or off. Analysing this information carefully and correctly will help to identify security vulnerabilities.
Your SIEM and log management solution provides you with insights encompassing:
- Real-time monitoring of “events” across the network
- Longer term storage and analysis of logs and security information to generate trend information
- Tracking of security-related events such as multiple failed log-in attempts.
The key to SIEM is that it brings together a range of security measures under one umbrella, enabling unified real-time analysis of your networks and thus their security status and integrity.
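Tracking multiple failed log-in attempts, as listed above, usually comes down to a threshold rule over a sliding time window. The following is an added example, not taken from the original article or from any SIEM product; the log format, the sample lines and the threshold of five failures per minute are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, event, key=value fields.
SAMPLE_LOG = """\
2019-01-14T09:00:01 LOGIN_FAILED user=jsmith src=198.51.100.7
2019-01-14T09:00:05 LOGIN_FAILED user=jsmith src=198.51.100.7
2019-01-14T09:00:09 LOGIN_FAILED user=admin src=198.51.100.7
-- log rotated --
2019-01-14T09:00:12 LOGIN_OK user=mjones src=192.0.2.10
2019-01-14T09:00:14 LOGIN_FAILED user=root src=198.51.100.7
2019-01-14T09:00:20 LOGIN_FAILED user=jsmith src=198.51.100.7
2019-01-14T09:03:00 LOGIN_FAILED user=mjones src=192.0.2.10
2019-01-14T09:20:00 LOGIN_FAILED user=mjones src=192.0.2.10
"""


def parse_line(line):
    """Return (timestamp, event, fields), or None for a line that does not parse."""
    parts = line.split()
    try:
        ts = datetime.fromisoformat(parts[0])
        event = parts[1]
    except (IndexError, ValueError):
        return None
    return ts, event, dict(p.split("=", 1) for p in parts[2:] if "=" in p)


def detect_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Alert once each time a source reaches `threshold` failures within `window`."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of failures in the window
    active = set()               # sources already alerted and still over threshold
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "LOGIN_FAILED" or "src" not in parsed[2]:
            continue
        ts, _, fields = parsed
        src = fields["src"]
        q = recent[src]
        q.append((ts, fields.get("user", "?")))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) < threshold:
            active.discard(src)
        elif src not in active:
            active.add(src)
            alerts.append({"src": src, "first": q[0][0], "last": ts,
                           "users": sorted({u for _, u in q})})
    return alerts
```

On the sample, the only alert is for the source that fails against three different accounts within twenty seconds; the two isolated failures from the other address stay below the threshold.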
- Cyber Insurance
No matter how comprehensive the cyber security measures you put in place, it’s still highly advisable to have a solution of last resort in the event that your combined security measures are unable to prevent a data breach incident.
The impact of a security breach can often be huge in financial, cashflow and reputational terms, and potentially lead to a business meltdown. A cyber-insurance policy provides peace of mind that this impact is mitigated – as long as due diligence has been done, policies have been complied with and the breach isn’t a case of negligence.
In the future, cyber insurance may potentially be a requirement of wider compliance, or be instrumental in the management of customer expectations, particularly for organisations holding large amounts of customer data.
The details of each individual policy could be shaped by insurers and policy holders on the basis of individual requirements, but factors to be covered could include:
- Loss through denial of service attacks
- The cost of an investigation into a data breach
- Losses caused by a breach, such as downtime, data loss recovery and restoring your reputation
- The cost of ransomware attacks.