Is your data safe from cyber thieves?
Cybercrimes are on the rise and the cyber black market has evolved from ad hoc, discrete individuals into a highly organized network of cyber hackers, operating in a multi-billion-dollar economy, per RAND’s recent report. With innovation and growth, the cybercrime market can be very profitable. Here are some basic essentials to include in your cyber security plan.
According to Ponemon Institute’s survey, in the past four years, the financial impact of cybercrime has increased by nearly 78%, and the time it takes to resolve a cyber-attack has more than doubled.
So, why is cybercrime so attractive to thieves?
The answer is simple.
Cyber crime is low risk and highly profitable. There is no risk of physical danger and all it requires is access to the internet. Cybercrimes can include stealing a company’s intellectual property, using passwords to get into a bank account, distributing viruses to other computers, or posting business information on the internet. In short, these are activities that could grind your business to a halt and cause a lot of frustration to consumers.
There is, however, a common misconception that high tech criminals are sophisticated, highly trained super-villains, capable of hacking into the most secure systems. This, ultimately, is not the case. While there are top-tier adversaries and malware toolkit programmers who pose threats, the majority of cyber criminals targeting businesses are opportunistic petty crooks.
These criminals often use some pretty basic, low-tech means to gain access to your high tech systems and steal or misuse data for criminal gain.
Five simple and low-tech steps to a solid cyber security plan.
Follow these steps to deter cyber crimes, and thwart attackers from accessing your confidential information:
1. Identify critical information: What data is essential for your business to run? Do you have a legal requirement to protect certain pieces of information (e.g. Sarbanes-Oxley or HITECH statutes)? Knowing what data you have and what you need to protect forms the bedrock of any information security plan.
2. Institute a ‘clean desk’ policy: Have employees clean their desks at the end of the day, and lock up any important documents. Most importantly, make sure users don’t write passwords on sticky notes and leave them near their computer.
3. Shred sensitive documents: Throwing business documents out with regular trash makes it easy for criminals to exploit the information. Instead, shred documents that contain sensitive data. For best results, use a micro-cut shredder that reduces paper into tiny pieces.
4. Eliminate unnecessary features: This is an essential step in network hardening. Have users remove programs and add-ons that are not directly related to their jobs. This reduces the ‘attack surface’ for active penetrations, prevents the introduction of malware and spyware, and has the added benefit of enhancing computer performance.
5. Train end users: Teach users about modern cyber threats and simple things they can do to protect data. For example, empower them to politely challenge unfamiliar people in workspaces. Make users aware of social engineering schemes, and coach users to never give their passwords to anyone -- not even an IT provider.
If you are spending money on advanced network security technology, without first implementing these basic cyber security steps, it is like buying a fancy alarm system for your house and leaving the door unlocked.
British police are woefully under-skilled to tackle the rapidly expanding world of cybercrime, according to a new report of police intelligence analysts.
The report, conducted by PA Consulting, gathered responses from 48 different police bodies, and its findings don’t make pretty reading. Less than a third of respondents have the technology or skills to fight cybercrime, with 75% of analysts spending less than 10% of their time on cybercrime analysis.
Cyber security expert and author of the report Nick Newman commented that it was disturbing that police were ‘nowhere near equipped’ to deal with the cyber crime threat. The government has backed the training of 2,000 detectives in new cyber techniques by April 2015, but when you consider how much of modern life is spent in the cyber world, and how much cybercrime is present in society, this seems unequivocally disproportionate.
One huge problem that the police face is recruiting highly skilled cyber security specialists, who in the private sector command a much greater salary than the police can offer. Cyber security is a critical issue in a technology driven world, whether it be individuals, businesses or governments.
Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy commented:
‘Both private and public sector organisations need to focus on developing the skills of their existing workforce and on integrating cyber training into their overall training and development policies.’
The Government’s own, four-year, £650 million cyber security strategy focuses on protecting the national infrastructure and helping raise awareness of cyber security amongst organisations through its Cyber Essentials Scheme. It seems clear to me that they need to dig a little deeper to support and train the Police.
Train with the cyber security experts
IT Governance has been helping individuals build cyber skills for over 10 years. Our comprehensive range of cyber security training includes:
- A complete programme of ISO27001 training from foundation to implementer level
- Cyber Essentials training
- COMPTIA courses: COMPTIA Advanced Security Practitioner (CASP) & COMPTIA Security+
- ISACA & (ISC)2 courses including CISA, CISM & CISSP
- Data Protection training: DPA Foundation & Privacy Impact Assessment Workshop