Posts

, ,

Meeting the changing demands of cyber security

Cyber attacks are becoming more frequent in the business world today. In light of this, cyber security has become one of the leading concerns for UK businesses. Research conducted by Serviceteam IT in August 2017, revealed over a third of respondents had experienced an increase in cyber security incidents in the past 12 months.

The Technical Director of the National Cyber Security Centre (NCSC) has predicted that at some point in the next few years, a Category 1 national level cyber attack will occur in the UK. A change in thinking regarding cyber security is required from both organisations and the government in order to prevent such an attack from occurring. The Technical director of the NCSC has warned that it may take the inevitable category 1 attack to catalyse such changes to be made.

What changes need to be made in organisations to meet these changing demands?

Utilise your workers

Branded as the ‘weakest link’, employees have been blamed by cyber security professionals for the past 25 years for weaknesses in the security system. It has been argued however, that these are the people that create the value within an organisation. If this is the case, how is it that employees are labelled the weakest link?

The problem lies in the fact that systems are often designed by techies for techies. Ordinary people, that make up the majority of many workforces, are therefore not able to utilise the system in an effective way that ensures security. This needs to change.

People can transform from the weakest to the strongest link in an organisation, if the systems are made more usable. If you can leverage your people better, they can become the first and last line of defence in an organisation. It’s time to stop blaming the users and start modifying the system.

Getting ahead of cyber attacks

There is an opportunity for firms to get ahead of cyber attackers. Organisations need to work with employees to uncover new possibilities instead of relying solely on shelf security solutions. Non-expert technology users are argued to be the secret weapon in the defence systems of the future.

At the moment, organisations are reliant on non-experts making good IT decisions. Training in the past has not been effective in engaging people and ensuring they are trained correctly. These people need to be trained more effectively to enable firms to get ahead of attacks and prevent them from occurring.

Technology collaboration

Currently, the major concern regarding cyber security is the speed of action following an attack. This focus needs to shift in order to win. Organisations need to be able to predict attacks with the aim of preventing them from occurring.

In order to do this, insight can be gained from merging technologies such as AI with the masses of non-experts within organisations. Consequently, there is a need for experts in sociology and psychology in security development teams. These experts will be the most effective in engaging the masses of non-technical users and understanding how they will respond to changes.

Ultimately, there is therefore a need for businesses and the government to change their approach towards cyber security. Security needs to be easier for users to carry out as people are key. As the users of technology, their needs need to come first in order to maximise the strength of security within organisations.

If you’re interested in cyber security, check out some additional blogs surrounding this topic on the website.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

Cyber Security in the Workplace Is Everyone’s Obligation

Cyber security is no longer just a technology challenge—it’s a test for everybody who uses and interacts with technology daily. That means: everyone in your organization.

The protection and security of employees’ work and personal lives are no longer separate. They have been intertwined with evolving trends of social networks, the internet of things, and unlimited connectivity.  Because of this, cybersecurity is no longer just the responsibility of the company IT department. It is now the responsibility of every employee, not just to protect their work assets but their personal data as well.

Failure to do so puts your organization at risk.

Cyber attackers do not care about age, gender, race, culture, beliefs or nationality.  They attack based on opportunity or potential financial gain. They attack irrespective of whom the victim is, whether it’s an 8-year boy at home playing computer games on dad’s office laptop or an employee sitting in the office reading emails.

So why are so many organizations experiencing cyber breaches?

Cyber breaches occur because of three major factors:

  • The Human Factor
  • Identities and Credentials
  • Vulnerabilities

Today people are sharing a lot more information publicly, ultimately exposing themselves to more social engineering and targeted spear phishing attacks. The goal of these attacks is to compromise devices for financial fraud or to steal identities in order to access organizations that employees are entrusted with protecting. Once an attacker has stolen a personal identity they can easily bypass an organization’s traditional security perimeters undetected, and if that identity has access to privileged accounts, the attacker can carry out malicious attacks in the name of that identity.

Employees power up devices daily and connect to the internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, share their thoughts, and access their financial information.  As they use these online services they can quickly become a target of cyber criminals and hackers.  So, it’s critically important that everyone in your organization learns how cyber criminals target their victims, how to reduce their risk, and how to make it a lot more challenging for attackers to steal their information, identity or money.

When using services like social media people are often inadvertently sharing personally identifiable information—both physical and digital—like their full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and even family members’ names.  The more information they make available online the easier it is for a cyber-criminal to successfully use that personal information to target them.

Did you know these facts? Cyber criminals and hackers spend up to 90% of their time performing reconnaissance of their targets before acting, meaning that they typically have a complete blueprint of their target.

With the increase in our digital activities, hackers and cyber-criminals have changed the techniques they use to target people, with email being the number one weapon of choice, followed by infected websites, social media scams, and stealing digital identities and passwords.  Reports and statistics in the past years have shown that more than 80% of data breaches have involved an employee as a victim—hackers claim that it is the fastest way to breach a company’s security controls.

This means that people—including your own employees—are on the front line of cyber security attacks. Threats can start from something as simple as a personal social footprint, and end up with individuals being used as a mule to gain access to your organization’s finances and sensitive information.

The time has come to create a balance between technology and people. We must increase our cyber security awareness to help us protect and secure both our personal assets and our company assets.  The time for a people-centric cyber security approach is now—which means that cyber security is everyone’s responsibility.

About the author: Joe Carson is a cyber-security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Chief Security Scientist at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).

Source: infosec island

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!