Today we look at a hot topic in the world of IT: Cyber security. News headlines this week have been dominated by a cyber-attack on Uber. Recently, IHG were the victims of a data breach and a foiled ransomware attack. What then can be done to mitigate the risks involved in such attacks?
Cyber Security Definition
Firstly, we need to define exactly what cyber security is. To do that, we must outline its core objective, which is to reduce the risk of cyber-attacks and to provide protection against them. This protection is given to systems, networks, programs, devices and data. The objective is then achieved through the application of technologies, processes and controls.
IT Security in general is becoming ever-more important nowadays, for many reasons:- Cyber-attacks are increasing in number
- They are becoming more sophisticated
- The costs involved in data breaches are rising
- Cyber-crime in general is growing
There are different types of cyber security to implement:
- Critical infrastructure security
- Network security
- Cloud security
- Internet of Things (IoT) security
- Application security
Who Needs It?
Simply put, if an organisation is connected to the internet, then it is needed. It is a common misconception amongst smaller businesses that they are not a target for cyber-criminals. That is not the case, for many reasons. For a start, many cyber-attacks are automated and designed to exploit common vulnerabilities.
Cyber-criminals seek to gain access to a computer or network server in order to wreak havoc. Once access has been gained, there are many paths (“attack vectors”) that can be used to do this. Common ways to gain access include:- Website or email attacks
- Via removable media (i.e., Flash drives)
- Using devices containing confidential info which have been lost or stolen
- Unauthorised use of an organisation’s system privileges
- Via a “Brute force” attack (using trial and error to decode encrypted data)
Once in, there are many different types of cyber-threat that can be implemented. Some common types are as follows:- Malware
- Spam and Phishing
Malware is a program which operates in secret to compromise the data within a system. It has become a significant external threat and can cause major damage and disruption.
Ransomware prevents or limits access to systems via malware. It then also asks victims to pay a ransom using online payment methods. In return, access will then be returned. Ransomware is one of the most widely used methods of attack nowadays and is difficult to detect. Organisations are encouraged then to implement robust methods of prevention. Examples of this include strong IT Security controls and training for employees.
Spam and phishing are much more common and aim to trick individuals into revealing sensitive or personal information. Most of us have received spam emails containing links – do not click on them! – but these threats are also now becoming more sophisticated.
Top Tips: Preventing Cyber-Threats
- Scan email file attachments and then save them to local drives
- Only allow certain types of files to be sent / received by email
- Restrict removable media usage
- Implement strict access / privilege levels
- Regularly update systems with OS / App upgrades and patches
In addition to these measures, here are some more you can adopt to then increase your levels of security.
If you did not know much about cyber security before, then hopefully you do now. At least, we hope you have picked up a few tips and perhaps some inspiration to ramp up your own efforts.
CRIBB Cyber Security
CRIBB is a vital part of theICEway ecosystem of companies. Established in 2016, their team are fundamental to our security by design approach to IT solutions. If you require further advice or guidance, then they will be only too happy to help.
CRIBB Services at-a-glance:- Certifications (including Cyber Essentials & then Cyber Essentials Plus)
- Detection & defence (including vulnerability scanning & penetration testing)
- Safeguarding (including Data Protection Officer services)
New for 2022 / 2023 are our CRIBB Cyber Security Ready (CSR) annual packages. These are designed to help organisations large and small to become more cyber aware. If you do not have a robust IT security framework in place, then these are a big step in the right direction.
Want to read more? Then keep an eye out for a dedicated CRIBB page coming soon to this website. For more information right now, including a wealth of articles, visit the CRIBB website.