Today we look at a hot topic in the world of IT: cyber security. News headlines this week have been dominated by a cyber-attack on Uber. Recently, IHG were the victims of a data breach and a foiled ransomware attack. What then can be done to mitigate the risks involved in such attacks?
Firstly, we need to define exactly what cyber security is. To do that, we must outline its core objective, which is to reduce the risk of cyber-attacks and to provide protection against them. This protection is given to systems, networks, programs, devices and data. The objective is then achieved through the application of technologies, processes and controls.
IT security in general is becoming ever more important nowadays, for many reasons:
- Cyber-attacks are increasing in number

There are different types of cyber security to implement:
- Critical infrastructure security
- Network security
- Cloud security
- Internet of Things (IoT) security
- Application security
Simply put, if an organisation is connected to the internet, then cyber security is needed. It is a common misconception amongst smaller businesses that they are not a target for cyber-criminals. That is not the case, for many reasons. For a start, many cyber-attacks are automated and designed to exploit common vulnerabilities.
Cyber-criminals seek to gain access to a computer or network server in order to wreak havoc. Once access has been gained, there are many paths (“attack vectors”) that can be used to do this. Common ways to gain access include:
- Website or email attacks

Once in, there are many different types of cyber-threat that can be implemented. Some common types are as follows:
- Malware

Malware is a program which operates in secret to compromise the data within a system. It has become a significant external threat and can cause major damage and disruption.
Ransomware prevents or limits access to systems via malware. It then asks victims to pay a ransom using online payment methods, in return for which access will be restored. Ransomware is one of the most widely used methods of attack nowadays and is difficult to detect. Organisations are therefore encouraged to implement robust methods of prevention. Examples of this include strong IT security controls and training for employees.
Spam and phishing are much more common and aim to trick individuals into revealing sensitive or personal information. Most of us have received spam emails containing links – do not click on them! – but these threats are also now becoming more sophisticated.
- Scan email file attachments and then save them to local drives
- Only allow certain types of files to be sent / received by email
- Restrict removable media usage
- Implement strict access / privilege levels
- Regularly update systems with OS / App upgrades and patches
In addition to these measures, here are some more you can adopt to increase your levels of security.
If you did not know much about cyber security before, then hopefully you do now. At least, we hope you have picked up a few tips and perhaps some inspiration to ramp up your own efforts.
CRIBB is a vital part of theICEway ecosystem of companies. Established in 2016, their team are fundamental to our security by design approach to IT solutions. If you require further advice or guidance, then they will be only too happy to help.
CRIBB Services at-a-glance:
- Certifications (including Cyber Essentials & Cyber Essentials Plus)

New for 2022 / 2023 are our CRIBB Cyber Security Ready (CSR) annual packages. These are designed to help organisations large and small to become more cyber aware. If you do not have a robust IT security framework in place, then these are a big step in the right direction.
Want to read more? Then keep an eye out for a dedicated CRIBB page coming soon to this website. For more information right now, including a wealth of articles, visit the CRIBB website.