Keeping Cyber Simplified.

The exponential rise in cyber-attacks, ransomware reports and data breaches has given organisations of all sizes an increased focus on securing personal and company data. 

Cyber-crime and attacks are becoming increasingly sophisticated and stealthy, targeting people, organisations, supply chains, data networks and company devices. Threat actors (criminals) are continuously looking for vulnerable targets that do not have up-to-date security and technical processes in place.

“Cyber-Security” is a phrase that we all know, yet do we actually know how to incorporate cyber-security into our working and personal lives? Does applying anti-malware software to your operating systems give you enough protection? Do employees and family members know how to spot a potential threat? Are your cyber-security measures fit for purpose, or a one-size-fits-all approach?

If you are reading this article, then you will likely be looking for assistance, or at least a starting point in strengthening your cyber-security protection measures. 

There are many forms of cyber-attack, but the most common is ransomware.  Once an organisation’s systems have been penetrated, the criminals will deny access to the systems by adding a level of sophisticated encryption that can’t be restored.  The criminals will then apply pressure on the organisation to pay the ransom to release the encryption, and on payment give access back to your systems. 

This kind of attack will directly affect an organisation’s workflow, reputation, operations and supply chains and, depending on the industry sector, can in some cases affect life-or-death situations.

Did you know? 

  • 91% of successful data breaches start with a spear-phishing email attack.
  • 10-15% of email-phishing attacks are making it through your filters. 
  • Ransomware has increased by 229% since 2017 with approximately 600 attacks every minute. 
  • In 2022/2023, 72% of organisations were affected by a ransomware attack. 
  • “Ransomware-as-a-Service” is freely available to buy on the web, enabling anyone to create a cyber-attack.
  • 80% of organisations who pay the ransom were subject to another attack (as the criminals know you will pay!). 
  • The average ransom fee is £200,000; however, the largest reported ransom paid was $40 million.

More than ever, employees are often the vulnerable link in an organisation’s network security. They are frequently exposed to sophisticated phishing and ransomware attacks. Our paramount advice is to train your employees, help them be the first line of defence and remain vigilant.

Consequently, understanding cyber-crime threats, identifying vulnerabilities and implementing security procedures will help mitigate the risk of a cyber-crime, attack and/or data breach. 

Benefits of implementing a cyber-security framework

Implementing a cyber-security framework provides several benefits for organisations. It helps: 

  • Identify and prioritise cyber-security risks 
  • Enable a proactive approach to cyber-security 
  • Provide a common language for communication among stakeholders
  • Set standards for establishing and maintaining a robust cyber-security posture
  • Reduce operational risk and potential reputational and financial impact of cyber-attacks and data breaches 
  • Facilitate compliance with regulatory requirements 
  • Demonstrate a commitment to cyber-security to customers and stakeholders 

 

How to implement cyber-security measures 

The proposed starting point is to follow and implement a cyber-security framework, as outlined in the checklists below.

IDENTIFY | PROTECT | DETECT | RESPOND | RECOVER

 

Identify

The best place to start is to understand and record where your information is stored, who has access to the information, and then grade which data sets are critical to your operations.   

If, for example, every employee has access to all areas of your data infrastructure, consider applying access control measures to limit who has access to the data.

Next, assess what, if any, security measures you have in place already. Are they active? If so, do they need updating?

These assessments will help form your governance framework and help determine where your vulnerabilities are. 

IDENTIFY 

  • Conduct assessments across your organisation to identify physical assets, connectivity, third-party infrastructure and current security provisions. 
  • Review your current governance framework and risk mitigation strategies.
  • Provide you with a “Gap Analysis” that identifies immediate control weaknesses, threats, vulnerabilities, strengths and areas for development. 
  • Create a “Risk Register” and identify your critical list of control weaknesses versus actions required by best practice cyber-security guidelines and/or privacy legislation. 
  • Review your current cyber insurance policy and cross reference with your cyber-security posture. 
  • Develop and provide you with a clear “Framework Road Map” needed for regular review of security controls. 

 

Protect

This phase is all about improving and implementing measures to combat your cyber-security threats, and will include developing better processes and procedures and communicating these to the whole organisation.

Introducing written policies, staff training and awareness sessions will help change your organisation’s culture and approach to preventing cyber-attacks from happening in the first place.  

Depending on the size and sector of your organisation, you may need to invest and incorporate additional protective technologies to enhance your cyber-security posture. 

PROTECT 

  • Review your “Framework Road Map” and introduce specialist cyber-security software and hardware Protective Technologies to add value to your cyber-security posture. 
  • Review your policies & procedures and provide you with a plan for “Cyber-Security Protection by Design”, needed to ensure compliance.
  • Improve your cloud/server/network access controls and privileged user accounts. 
  • Review the information security provisions and vulnerabilities of external cloud platforms, third-party applications and supply chain. 
  • Implement Cyber Essentials, Cyber Essentials Plus accreditation, or support an ISO27001 (or equivalent NIST) certified Information Security Management System. 
  • Assess your organisation’s firewalls, encryption, anti-virus and malware security provisions. 
  • Implement a “Response Team”, and define security roles and responsibilities. 
  • Implement an accountability, communications and reporting line structure. 
  • Design and coordinate a business and disaster recovery plan during a cyber-security event or crisis. 
  • Design and implement consistent security audits into regular working practices. 
  • Coordinate an educational awareness plan and implement training activities for all employees and stakeholders. 
  • If required, provide your organisation with an outsourced and independent Chief Information Security Officer (CISO) and participate as an independent member of your “Risk Supervisory Board”. 

 

Detect

Once your cyber-security posture and culture are in a good position, the next phase is to consider identifying technical gaps in your security. This will include bringing in penetration testing measures and working with your protective technologies to highlight technical threats to your organisation.

It is good practice to keep monitoring the work you have already completed and ensure that regular testing has been incorporated into your working practices. 

It is also worth performing cyber-security due diligence with all your key vendors and supply chain, to ensure they are also following your protocols, or at least a high standard of cyber-security. 

DETECT 

  • Conduct specific internal & external penetration testing to identify operational and control weaknesses, highlighting areas for development. 
  • Coordinate and work with Protective Technologies partners, reporting on vulnerabilities and immediate threats to the organisation. 
  • Identify connection gateways to the internet and other communication systems. 
  • Conduct information and connectivity audits across the organisation to review, identify and assess where sensitive data is held and/or shared. 
  • Perform security due diligence into supply chains, clients and key employees. 
  • Examine mis-configurations and internal/external unauthorised access. 
  • Continuously review and update your “Framework Road Map” and policies & procedures to ensure continued compliance and protection. 

 

Response

Now is a good time to test your incident response and reporting procedures. This can be in the form of desktop exercises incorporating different scenarios.  Take any learnings from this phase, and add these to your cyber-security framework. 

Hopefully this will not happen, but in the event of a cyber-attack or data breach event, you will now be well equipped with a response plan that will assist you with your reporting obligations and communications with relevant parties. 

RESPONSE 

  • In the event of a cyber-security event and/or data breach, implement a 24-hours-a-day incident response support Response Team.
  • Coordinate and implement business continuity planning measures to mitigate threats. 
  • Work with Protective Technologies partners and assist the Response Team in reacting to vulnerabilities and immediate threats to the organisation.
  • Test and review the Response Team’s communication and reporting line structure. 
  • Where necessary, improve communication methods and response to cyber threats. 
  • Identify cyber threat trends and implement necessary protection strategies. 
  • Continuously review and update your “Framework Road Map”, roles & responsibilities, policies & procedures to ensure continued compliance and protection. 

 

Recover

Lastly, after a cyber-attack or data breach, it is vital to learn from such an event, not only to determine how the event happened, but also how you responded during and after the event. 

RECOVER 

  • Continuous communication with key stakeholders and supervisory authorities. 
  • Liaise with the cyber-insurance company and implement recovery measures. 
  • Work with Protective Technologies partners to implement patch management and remove vulnerabilities and immediate threats to the organisation.
  • Review and update the Response Team’s communication and reporting line structure. 
  • Review the Response Team’s reaction to vulnerabilities and threats to the organisation. 
  • Improve business continuity training activities. 
  • Implement forensic analysis to identify root cause of security threats. 
  • Continuously review and update your “Framework Road Map”, roles & responsibilities, policies & procedures to ensure continued compliance and protection.

How we can help 

Our understanding of cyber-crime threats, data protection, data security procedures and assessing vulnerabilities allows our Team to provide Clients with measures to mitigate the risk of a cyber-crime, attack and/or data breach.

Working alongside the client’s team of technical, IT, risk and compliance leaders, TenIntelligence acts as a CISO, an extension of in-house resources.  We help assess an organisation’s cyber risks by designing and implementing a cyber-security strategy and culture through policies, procedures and controls needed to strengthen defences and achieve compliance standards. 

If you need help implementing a cyber-security strategy, contact us at info@tenintel.com for a free 30-minute consultation.

 

Written by

Neil Miller, CFE | Founder and CEO