It’s no secret that cyber threats are increasing, with the National Cyber Security Centre having tackled a record number of cyber incidents in the UK over the last year.
Created in 1988, Computer Security Day (30 November) is one such opportunity. Designed to raise awareness of all manner of cybersecurity issues, it serves as a timely reminder to make security a priority.
As such, eWeek UK has spoken to seven security experts to get their advice on how organisations can stay safe and secure.
Fight the Phish
One of the biggest threats to organisations remains the phishing email. Whilst these days almost everyone knows not to click on a suspicious link, more sophisticated hacking methods mean that often they can now be almost impossible to identify.
“Phishing emails have a very old school feel about them, but the fact is they remain incredibly effective,” explains Thomas Cartlidge, Head of Threat Intelligence, Six Degrees. “And with attackers diversifying their phishing email methods and launching more and more attacks, your organisation needs to take tangible steps to minimise the risks phishing poses both to laptops and mobile devices (endpoints), which are invariably your largest attack surface.
“We’re seeing an arms race between attackers and defenders, and attackers are winning. Organisations need to achieve defence-in-depth by combining endpoint protection, secure email gateways, user training and up-to-date threat intelligence if they are to protect themselves.”
Adapt to the Changing World
With hybrid working here to stay, it’s crucial that businesses adapt their cybersecurity practises to fit with the new working conditions.
With increased working from home, “not only is it more likely that good cyber hygiene habits have slipped, but personal devices and home networks that are being used for work are considerably more vulnerable to malicious cyber attacks,” points out Matt Rider, VP of Security Engineering EMEA at Exabeam.
“Organisations need to make sure they are investing in the right technologies, key amongst which is user and entity behaviour analytics (UEBA), that gives security teams the visibility they need across their staff, devices and networks. UEBA baselines what normal looks like for each and thus is able to monitor and detect any deviation – spotting malicious activity far, far earlier.”
Dottie Schindlinger, Executive Director, Diligent Institute, highlights the risk that new tools used for homeworking can bring: “Open communication tools – like Slack, texting and personal email – are great for informal communication, but they don’t often provide the level of security or access privileges needed for sensitive communications between executives, the board, legal, HR, risk and compliance teams… Organisations need secure environments and workflows that allow them to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen. And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps.”
Don’t Let Technology Become a Vulnerability
These days many businesses rely on a range of different technological solutions, but it’s crucial these remain secure.
For example, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, points to APIs: “APIs (application programming interface), software that enables applications to exchange data and functionality easily and securely, underpin almost everything we do in the digital world – be it comparing flight prices, ordering food delivery through a third party app, or tracking your parcel delivery. However, this year news stories about security vulnerabilities that have exposed private data have brought the issue of enterprise API security and management into sharp focus. Today’s connected companies should have processes in place to make sure that API design, implementation, and management are done properly.”
Similarly, Hugh Scantlebury, Founder and CEO, Aqilla, warns businesses, “If you’re using cloud-based accounting and financial software – indeed, any cloud-based solution – we’d recommend you check that your solution operates from a secure and well-managed data centre. Ask your provider if they store your data in accordance with the National Cyber Security Centre’s 14 Cloud Security Principles.”
Plan for the Worst
If the worst does happen, and an organisation is attacked, it’s vital that they can recover quickly to return to business as usual.
“Being targeted by cybercriminals is no longer a question of if but when – and from web experiences to employee tools, time is money and reducing unplanned downtime is critical,” argues Andy Fernandez, Senior Manager, Product Marketing at Zerto, a Hewlett Packard Enterprise company.
“Managing and mitigating IT disruption caused by external attacks such as ransomware should be top of the security agenda, if it isn’t already. Continuous Data Protection (CDP) provides the safety net that’s needed against malware attacks that will inevitably make it into the system – providing the ability to reduce data loss to seconds, but to also be operational in minutes.”
“Computer security is not just about preventing ransomware attacks but being able to recover your data should it be lost,” concludes Gregg Mearing, CTO at Node4. “MSPs can also provide advice on a backup and recovery plan that matches the risks of each specific business and identifies the most effective backup location for each data tier. Having a complete security solution that takes a proactive approach to cybersecurity will provide the best protection of your data, but having strong data recovery solutions enables business operations to continue should the worst happen.”