Viruses, ransomware, Trojan horses and state-sponsored cyber attacks
The variety and sophistication of cyber-security threats to businesses and government organisations of all sizes are increasing.
It’s not just the financial cost of cyber crime, which one estimate puts at about $600 billion globally for businesses. It’s also the damage to an organisation’s reputation when it emerges that it has been hacked, or lost customer data.
Vital public services are also vulnerable, and more than a third of NHS trusts in England were disrupted by the WannaCry ransomware attack in 2017.
The sheer number of cyber threats can seem overwhelming, even for businesses with large IT departments. But with planning, clear thinking and the right technology, all businesses can improve their IT security.
Here are tips for better cyber security:
Know your business
Review your IT (hardware, software, supply chain, your suppliers). List any possible security weaknesses − for example, operating systems that haven’t been updated with the latest security updates, or poor password security.
Next, work out how serious the security threats are. Your business could still probably function OK if its work email system went down. But if a payment system or customer relationship management (CRM) system is out of action for a few days, that could cause serious problems across your business.
When you know your weaknesses, you can plan how to deal with them, prioritise actions and budget for them.
One widely used and proven method for IT security is a risk-based approach: making a thorough assessment of your IT risks and deciding how to deal with them.
The size and budget of cyber-security policies vary, but the aims are similar: stop the attack where possible; identify the threat quickly; mitigate the risk.
Changes to IT security can then be sorted into three categories: technology, people and processes.
Understanding obstacles to better cyber security can save time and money.
One of the main obstacles in many businesses is a lack of knowledge about cyber security, for example understanding new cyber threats and the technology and procedures to mitigate the threats.
There is only so much that businesses can do themselves. That’s why many choose to work alongside a trusted security partner. But security cannot be totally outsourced. To be effective, cyber security requires an organisation-wide commitment and should be driven from the top down. Management support is crucial in cyber security, from allocating budget and resources, to recruiting staff.
It’s impossible to predict exactly which new cyber-security threats will cause most damage over the next couple of years and beyond.
But hackers usually follow the money. And in IT, a lot of this is going into cloud computing, mobile devices in business, and internet-connected devices (the Internet of Things, or IoT), ranging from cars and fridges to industrial sensors and watches. By 2020, there will be 20.4 billion things connected to the internet, research company Gartner has predicted. Each device is a possible way into a home or organisation for hackers.
Businesses are taking cyber-security threats more seriously than ever. And rightly so. Cyber attacks are one of the biggest risks facing the world in the next 10 years, according to the World Economic Forum, a not-for-profit organisation dedicated to improving public-private cooperation globally.
Beware of any IT supplier claiming that it can guarantee that your business is totally safe from cyber threats. That’s impossible because of the speed at which new cyber threats are emerging, human error and the complexity of corporate IT.
But it is possible to mitigate cyber threats to your business and minimise any damage if the worst happens. Start by reviewing your IT systems. List possible vulnerabilities that hackers or a rogue employee could exploit − for example, a device connected to the internet that isn’t protected by a firewall. Then, assess the severity of the security threat (how much damage it would cause your business if security was breached). Work out how to fix the problem, or decrease the security risk. And don’t forget to review your IT security − ideally each year.
Finally, any good IT-security policy needs to be supported by the board. Otherwise the policy won’t be worth the paper, or software, it’s written on.
About the Author
Martin Lipka is Head of Connectivity Architecture at Pulsant. He is a leading Cyber Security expert with almost two decades of experience in the industry. Having developed his passion for IT at a very young age, Martin was a highly sophisticated hacker in his teenage years and quickly went on to create his own Internet Service Provider in his home country of Poland. Martin first joined Pulsant in 2008 as a Network Manager and became Head of Connectivity Architecture in 2014 — this role involves overseeing Pulsant’s network and cyber security strategies and leading the company’s infrastructure transformation programme.