A frightful February for high profile cyber attacks
Over the past few years there have been a number of high profile cyber attacks against companies, but this month we have seen an unprecedented level of sophisticated attacks against some of the really big players. Apple, Microsoft, Facebook and Twitter announced, in close succession, that they have been the victims of cyber attacks. Add to this the attacks against the NYT and the report by the US security firm Mandiant Corp that China is to blame for the majority of attacks. With a month like this it would be surprising if you were not starting to get a little concerned about your exposure to a cyber-based attack.
Who should be most concerned?
The questions on many global executives' minds may well be “are we next, can we cope and what is our contingency plan or even where is our contingency plan?” These are big-ticket incidents after all, but should smaller companies be worried? If the threat is getting ever bigger and the resources to counter the threat in these troubled economic times are limited, then perhaps it’s the SMEs that should be panicking and the large enterprises, with greater resources, that should be sleeping well in their beds?
Basic information security can go a long way
Rest assured, as an SME you don’t need to panic about the type of attack recently seen against big companies. This doesn’t mean that you should be complacent (you are not immune, especially if you are in the supply chain of one of the Large Enterprises or Government) but in the vast majority of cases doing some pretty basic security things can go a long way to making you a less attractive target.
You’ll find some advice on this in a previous blog – Protect Your Systems from Cyber Threat with 7 Basic Controls – but for ease here is a quick synopsis:
- Passwords – Use good ones, don’t reuse them and change them regularly. For more info take a peek at this .
- Patching – Software is so feature rich there will always be vulnerabilities that could impact your business. The answer: patch, patch, patch and keep patching, probably forever!
- Anti Malware – Have Anti Virus installed on your laptops, desktops and servers. Don’t think you are immune if you are a Mac user either! Once installed make sure it’s configured correctly; here is some advice to get the most out of your security spend.
- Access and Admin Rights – Take some time to think through whether everyone really does need access to everything, and whether they really all need administrator privilege.
- Firewall – Everyone should have one and it should do something useful. If you have a dedicated hardware based network firewall, does it stop things going out as well as things coming in?
- Encryption – There really isn’t much of an excuse for tablets, laptops, CDs/DVDs and USB sticks not to be encrypted nowadays. It’s simple to set up, cheap and, given the number of laptops left in taxis (approx. 10,000 every year!), it’s the most likely source of lost information.
Information Risk Management will get you even further
When it comes to losing your information, regardless of how it happens – cyber attack, leaving paper documents in a taxi, allowing BYOD without really thinking the issues through – the incident will have an impact on your business. Financial loss or reputational damage are the most likely business impacts of an information compromise. It’s vital that all businesses, whatever their size, take the threat seriously.
Here at Ascentor we are big advocates for Information Risk Management as the right approach to achieve information security peace of mind. We are firm believers that to be effective all information security should support and be integral to the business: bolting on security isn’t effective, can provide a false sense of security and can hamper the business.
Being secure inevitably costs you money. Using a risk based approach gives you the information to optimise that spend, making sure the resources you have are effective and efficient in reducing your exposure to information risks.
In our experience smart Information Risk Management can actually reduce the security bill. For one of our clients we identified an over-engineered security solution, which resulted in reducing the security bill by £3M. This size of saving cannot be guaranteed, but rationally analysing your organisation provides a very clear picture of what you want to protect and what you are prepared to do to protect it.
If you would like to discuss the benefits of IRM for your business or more advice on doing the security basics please do get in touch: [email protected]
Article by Dave James, MD of Ascentor.
- Download our ebook – The Board’s Guide to Information Risk
- Findings of Ascentor’s research into the Human Face of Information Risk