Fighting cyber crime requires education as well as technology
By Prempal Singh
There is not a single ‘magic bullet’ to keep every company safe from attack.
The National CyberSecurity Centre (NCSC) was launched in Oct 2016 to help UK businesses protect themselves from cyber attacks, as many remain not equipped to fight against this type of crime. To coincide with the launch of the NCSC, the Rt Hon Philip Hammond MP, Chancellor of the Exchequer, also launched Initiative 100, part of the government’s Countrywide Cyber Security Strategy, which aims to train personnel in 100 businesses to fight against the growing tide of cyber attacks.
Techniques like these are evidently a step in the right direction, good results. more than 5.4 million businesses now with the UK, it’s essential that each organization is able to protect itself from this type of strike. Cybercrime is becoming more frequent and superior by the day, so it is never more essential for UK businesses to familiarize themselves with the methods available to prevent an attack, not from a technological perspective, but also through a suffered program of employee education.
Are passwords the most fragile link?
Anyone who concerns the scale of cyber crime in the UK should consider this: the NCSC has taken care of immediately over 180 cyber attacks within the last 3 months alone. Many businesses now provide employees with detailed instructions for creating complex passwords to fight this type of activity, but this actually will do little to keep delicate data away from spying eyes. In fact, at the opening of the Centre, technical director Ian Levy claimed that complex passwords may actually be making this problem even larger.
The complexity of security passwords – and a number of passwords that employees need to remember – has an unintended negative impact on security. For many IT users, complex security password is either written down or used across multiple applications, both personal and professional. Therefore, hackers are often able to obtain far more information than they formerly intended, with only one stolen password.
Straight forward, easy-to-guess passwords are also a problem, however – and further evidence that more cyber defense education is needed. One solution that can see an end to password-driven attacks is multi-factor authentication. In some cases, this could suggest combining a password or additional information that no-one other than the consumer would know, alongside a physical device, such as a key fob with an additional password that changes every 30 seconds. Applying multi-factor authentication in this way can considerably reduce the risks associated with system authentication.
There are other tools beyond security passwords:
For instance, by replying to a seemingly harmless phishing email, or by falling for an effective call, employees can accidentally provide hackers with all the information they should gain access to an organization’s data. When inside, it takes little effort for hackers to find and steal private information, secure in the information that the server is convinced their actions to have been carried out by a verified employee. With this in mind, employees at the very least should be taught to land on the notification for any activity – even when it looks legitimate – that requires for login details or other private data.
Viewed in this way, technology is definitely the last piece of the cybersecurity puzzle. Everything leads back to education of staff, and most importantly, staff by any means levels within an organization. Older managers, in particular, have to know the potential harm that cyber attacks can cause and take responsibility for cyber security in their businesses.
Because of such, before implementing any new software or other IT solutions to improve cybersecurity, management needs to do something to train their staff on the various types of attack and how to spot them. Any internal threats need to be treated with the same amount of caution as those received from exterior entities. A significant quantity of cyber attacks has actually recently been carried out by those within the company itself, so ensuring that employees are able to identify any signs that co-workers could be stealing valuable information is also a key part of a watertight cyber security strategy.
In order to achieve this goal, organizations should look to promote a culture of self-regulation, whereby criminal employees can be determined and reported before their efforts to gain access to confidential data are successful. Whilst IT solutions such as Info Leak Prevention provides an additional pair of sight within the firm, it is the human factor that is critical. Once again, this all links returning to the essential role that education must play when taking steps to protect an organization from attack.
Obtaining IT right
Although cyber security is slowly moving up the agenda in conditions of investment priority, the threat landscape is large and businesses need to fully understand the appearing risks that could impact their organizations. Senior management teams must work along with their IT departments to develop a holistic internet risk strategy based on around-the-clock surveillance, including a comprehensive risk register with appropriate controls in place. When combined with a greater investment in both protecting software and staff development, this balanced approach should be seen as the first port of call.
An essential step towards obtaining better and continually increasing IT security is the ISO 27001 standard, which provides a recognized best practice framework for controlling IT security within an organization. ISO 27001 is globally accredited as an efficient way to manage this part of the business by reviewing, assigning settings and monitoring processes within the organization. This will be an important first step for many businesses planning to boost their IT security.
However, the fact is that there isn’t very any single ‘magic bullet’ to keep every company protected from attack. Rather, businesses should rely on a blend of staff training, sharp management focus and robust IT controls to reduce the threat scenery. Effectively managed, this may go a long way in bolstering a company’s cyber security strategy. Unfortunately, the fact is that attacks are merely likely to increase in frequency and sophistication, so businesses need to address this issue as an issue of urgency, at all amount business.
source: www.itproportal.com