If you’ve not heard of Cyber Security Month before, it’s an annual campaign to raise awareness of cybersecurity threats, promote cybersecurity among consumers and organisations, and provide resources to help them protect themselves online, through education and sharing of good practices.
We fully support October Security Month, and what’s interesting about it this year is the global theme ‘Cyber Security is a Shared Responsibility’. This is a mantra we follow at NTT Security as we believe security is a business problem. Just take a look at our latest Global Threat Intelligence Report and you’ll see how cybersecurity affects every organisation, regardless of location, size and industry.
The findings tell us that it’s never been so important for everyone to play a role in cybersecurity - Security and IT professionals, right through to executives, management and end users. And that is what this week’s theme in the EU campaign is about – cybersecurity in the workplace.
Businesses need to raise awareness among company employees about threats such as ransomware, phishing and malware. Our latest Global Threat Intelligence Report showed that phishing was responsible for 73% of malware attacks being delivered to organisations worldwide. Businesses need to educate employees about these issues and help them understand that they have a personal responsibility when it comes to protecting their organisation.
Many businesses will already have awareness programs in place but often the methods of communication are not effective enough. For example, are employees aware of the potential for today’s malware attacks to not only target their employer’s corporate assets but also leverage their corporate devices and credentials to replicate their attack path towards the employee’s personal assets, and those of their friends and family? This is potentially a stronger message to be communicating.
It is no secret the security industry is hot. New technologies are coming out seemingly on a weekly basis. However, the rate of cybercrime incidents is outstripping the rate of investment into security technology and organisations frequently find themselves with a complex web of technologies that only create more noise for security professionals. To combat this, we work with many organisations to implement a more innovative and advanced cybersecurity defence architecture but we find that, more often than not, these incidents are a result of a lack of basic cybersecurity practices.
Businesses, therefore, need to have good cyber hygiene. They need to take data security seriously, recognising it as both good practice and a business enabler.
Here are our recommendations:
- Improve internal knowledge and awareness of data security among employees, and highlight the importance and implications of what people do when accessing and using corporate data. Adopt a culture of cybersecurity;
- Understand that this is not just technology, but people and processes too. Enforce a formal security policy and communicate it to all staff;
- Perform regular assessments of employees’ cyber readiness in the form of penetration testing and simulated phishing/malware attacks. This will enable the business to measure the effectiveness of its training and awareness programs;
- Completely secure all critical data by implementing the appropriate controls to predict, protect, detect and respond to potential threats;
- Consider working with a trusted Managed Security Services Provider (MSSP) that understands your business and security objectives and has the ability to sift through large volumes of data, detect real threats and provide actionable, contextual information, allowing your internal resources to act quickly on closing vulnerabilities;
- Put in place an incident response plan to minimise impact and costs should a breach occur.
For more information on some of the biggest cyber threats, and how to be protected from them, download our 2017 Global Threat Intelligence Report at https://www.nttsecurity.com/GTIR2017.