The latest industry news, articles and events
Businesses have been at fault, with company bosses delegating responsibility to internal IT specialists in a deliberate effort to keep a problem they may not understand at ‘arm’s length’; the issue of cyber-risks needs to be made accessible for those who are neither familiar with technology nor highly IT literate.
Cyber crime is committed by individuals, or groups, whereas cyber warfare is committed by governments. It can damage your business; every organisation has a role to play in creating a global security culture. Everyone in the information chain must assume responsibility and take steps to improve the security of their systems and networks. Cyber crime prevention is mission-critical but there is no one-size-fits-all solution. However, it’s not difficult to identify the steps to take to secure your business from cyber threats.
Until a few years ago, malicious programs were just cyber vandalism, an anti-social form of self-expression exploiting computer technology. Few of them were deliberately written to cause harm, although a small number caused damage to data or made the computer unusable (quite often as a side-effect, rather than by design). The bulk of malicious programs in circulation at this stage were viruses and worms. Today, by contrast, the greatest threat comes from cyber crime. The criminal underground has realised that malicious code can be used to make money in our constantly connected world and they use it to steal confidential data.
Cyber attacks include viruses, worms, Trojans, hacking, phishing and more. Cyber threats are becoming increasingly sophisticated and their volume is growing exponentially. However, the most prevalent malicious programs today are Trojans. There are many different types of Trojan. Some record which keys you press, some take a picture of your screen when you visit a banking website, some download additional malicious code, and some provide a remote hacker with access to your computers. Moreover, they all have one thing in common: they allow cyber criminals to harvest confidential information to make money.
Security threats include:
Service availability is the name of the game, with an almost universal requirement for a 24 x 7 service to those who should receive it at the time and place of need; are the risks associated with this requirement being adequately managed? Remember, what is adequate for a charity may not be adequate for a bank and what is adequate for a bank may not be adequate for a nuclear power station!
If you answer ‘yes’ to one or more of the questions below you are at risk and need to take steps to review the security of your systems and networks:
Becoming a victim of cyber crime is not a question of the size of your business. All organisations use similar tools across their IT infrastructures, including operating systems, office products, web browsers, storage for critical data (customers, employees, financial) and the laptops and mobile devices used by employees. All of these are equal targets for cyber criminals. Hacker intrusion, malware, spyware and spam can lead to lost or stolen data, computer downtime, a decrease in productivity, lost sales and even loss of reputation. Even those organisations that consider themselves less dependent on computers need to protect their data. Cyber criminals do not care about the nature or size of your business. They are not concerned about who a computer or network belongs to. They want to own any system they can gain access to carry out illegal activity and achieve financial gain at your expense.
What would happen to your organisation if;
Threats to vital information are becoming ever more malicious and complex. While in the past the main problem will have been hardware downtime, today much more is at stake:
Unfortunately, ignorance is no excuse for inaction. In today’s networked world, information on an unsecured system can be quickly compromised, or the system itself can be used as a launchpad for attacks on other systems and networks. Even if you’re not an expert, you still need to take steps to protect your organisation and others. Your business needs protection that is simple to install and easy to maintain. Your time should be dedicated to the success of your business, not the constant safeguarding of the network.
Even with limited resources and expertise, you can maintain the security of your systems and network. Consider the points below; are you taking these steps? Routinely ask key questions before purchasing any new product to determine that your software, hardware, business processes and procedures will work together to keep your business secure. Such questions include:
– What do I really need this product to do?
– How well will it work with what I already have?
– What do I do to achieve its best performance?
Look closely at your most valuable assets and ensure they are well-protected. For one business this may be protecting its customer database or protecting intellectual property, and for another, it might be securing financial information. Whatever steps you do take, be sure your business is protected. Dealing with cyber crime within a legal and regulatory framework means that there are six potential end-game scenarios depending on whether it is as a result of either an internal or external attack. These are discipline, resignation, dismissal, civil prosecution, criminal prosecution, or make it go away.
If an organisation does not have a forensic readiness plan then it is likely to be unprepared for the consequences of an incident investigation. Law enforcement agencies could conduct a search of premises and seize business-critical computer systems which could cause major business continuity issues. Also, an organisation may be prone to significant liabilities if it cannot collect digital evidence to a standard required during civil proceedings and tribunals in response to employee abuse of an organisation’s computer systems.
Potential incident investigations include:
Adoption of a forensic readiness policy is a mandatory requirement for Government Departments. But if you work with (or plan to work with) a Government Department then they may require, or expect, an organisation to have a forensic readiness policy. Other business benefits of adopting a forensic readiness policy include:
The benefits to the organisation of creating a forensic readiness policy consist of the following:
London: 0207 438 2045
Manchester: 0161 797 8123