AD

Back to School: Lessons in cyber security

This year, not every business has been awarded an A* in cyber security. Be it an accidental data leak, an employee falling foul of phishing, or vulnerabilities that are yet to be patched, most companies have plenty of room for improvement.
AD

With a new school term about to begin, six experts have come together to give a one-off class in effective cyber security. They discuss the lessons to be learnt from this year’s biggest attacks, and provide top tips that businesses should follow to ace the tests sure to come in the following months.

WannaCry ransomware: Thomas Fischer, global security advocate at Digital Guardian

“Without doubt the most high-profile cyber attack this year is WannaCry, which spread across the globe and severely impacted parts of the NHS. Attacks like this have been happening for years, but unfortunately we are either quick to forget, or simply don’t learn from past experiences. After all, the recommendations remain the same.

“All companies, big or small, must adopt a ‘patch early, patch often’ mantra. A regular review of system settings is needed. Also, don’t forget to disable unnecessary services open to attack. It is inevitable that hackers will, at some point, breach a network. In this case, ‘data aware’ technologies can prevent them from snatching sensitive data. Keeping customer data safe doesn’t take a huge investment, it just takes a smart one.”

Cloud server misconfigurations: Eduard Meelhuysen, head of EMEA, Bitglass

“A number of recent data exposures have stemmed from simple cloud misconfiguration errors; take the Dow Jones and Verizon incidents, for example. There’s an important lesson to be learnt from these incidents: organisations can’t abdicate all responsibility to cloud service providers once migrated to the cloud.

“Businesses need to realise that, although cloud services can be secure, it is the responsibility of those using them to ensure the services are configured in a secure fashion. Negate the risk of human error by looking to technology to quickly, easily and cost effectively ensure appropriate configuration of cloud services and encrypted company data en route to the cloud.”

Risky smart devices: Barry Shteiman, director of threat research at Exabeam 

“Companies need to consistently learn and revise security postures with each new technology wave. The latest big shift in the state of play is the introduction of internet-connected devices in business networks. As more devices become ‘smart’ and internet-enabled, they are often given the ability to send, query or process corporate information.

“Hackers are able to use these devices – usually left unmonitored – to break into the network and steal company data. Security teams should add behaviour monitoring to their arsenal, as it is the best way to illuminate this attack risk. By understanding the normal behaviour of IoT devices, it’s possible to spot a ‘highjacking’ early on. IoT will grow and gain greater access to data; already a lucrative target for cyber-bullies.”

Recognise the real and present danger posed by employees – a topic discussed on the next page

1 2

Share with your network

Follow Real Business:

About Author

Real Business

As the champion of UK enterprise for 20 years, Real Business is the most-read SME website dedicated to high-growth businesses and entrepreneurs. Through daily news, unique insight and invaluable guides we are an essential resource for thriving businesses.

Real Business