Organisations face the growing risk of becoming victims of cyber security threats – what can they do to avoid them?
Organisations face a growing risk of becoming victims of cyber security threats. This is no surprise, as cybercrime is a highly lucrative enterprise for cybercriminals.
Seb Krupowicz, UK SOC Manager and Carl Murray, Senior SOC Analyst at CyberCX discuss how organisations should react to the rise in cyber threats and how to protect your business.
The threats are becoming more common, with miscreants following known and well-tested IT practices, such as the agile framework, for their malicious software releases. The increased maturity of cybercriminal groups can often lead to catastrophic consequences for organisations, including financial, reputational and legal impacts.
Particularly in the UK, healthcare institutions such as the NHS and Government councils are falling victim to these attacks as cybercriminals are resilient and innovative, adapting and finding new ways to maximise impact.
Official statistics from the Cyber Security Breaches Survey found that in the last 12 months, 39% of UK businesses identified a cyber attack. The most common threat type was phishing, followed by more sophisticated attack types such as malware or ransomware attacks.
The importance of cyber security and how it is perceived within organisations
Cyber attacks can hit organisations of any size and type. An attack may target the organisation as a whole, or it may aim to get something specific such as sensitive company data. Cyber security is often forgotten about within an organisation. It can also be quite frustrating to get constant reminders to install the latest security updates, and it's very easy to ignore them until it's too late. For example, if your laptop needs to update to the latest software and you would have to reboot it to finish the installation, most people would postpone the update.
This is similar to being asked to change your passwords frequently. People will usually delay changing a password, or they will change it to something simple because they want to remember it, and then the same password will be used across all other platforms.
Business leaders as well as employees need to be able to switch their mindset in terms of how they perceive cyber security, and to know what to look for. What looks like a legitimate link or piece of text can actually have the URL of a malicious site hidden behind it, and people within organisations need to recognise which websites could be dangerous.
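The hidden-URL trick described above can be checked mechanically. The following is an added example, not part of the original article: it flags links whose visible text names one host while the underlying address points to another. The function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_endtag(self, tag):
        if tag == "a":
            self.inside = False
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data

def host(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def mismatched_links(html):
    """Return (shown_host, real_host) where the visible text names another host."""
    parser = LinkCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        text = text.strip()
        # Only judge links whose visible text itself looks like a URL or hostname.
        if URL_LIKE.fullmatch(text) and host(text) != host(href):
            found.append((host(text), host(href)))
    return found

# Constructed sample body (not from the article); .example names are reserved.
SAMPLE_HTML = """
<p>Your password expires today. Reset it at
<a href="http://portal.corp.example.reset-login.example/r?id=1">https://portal.corp.example/reset</a>
or read the <a href="https://intranet.corp.example/policy">password policy</a>.
<a href="https://portal.corp.example/help">portal.corp.example/help</a></p>
"""

if __name__ == "__main__":
    for shown, real in mismatched_links(SAMPLE_HTML):
        print(f"text shows {shown} but link goes to {real}")
```

Links whose text is ordinary wording, such as "password policy", are not judged by this check, so it complements a reputation check on the destination rather than replacing one.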
How organisations are affected in the short and long term
In the short term, what you often end up with is that the employees are able to get back to work as soon as the system becomes accessible again. However, the full recovery will still take some time, no matter the size of the organisation. Also, you could potentially lose customers as they leave due to security and privacy concerns.
Looking at the long term, regaining the trust of the wider public can be difficult, and in some cases an attack can destroy the company and put it in a position from which it will not be able to recover. Either it will not be able to operate as it did before the attack, or it has completely lost its reputation, no one wants to do business with it and the financial impact will be too damaging.
In terms of the length of recovery, this really is heading into the unknown. If an organisation was prepared for a significant cyber security incident, had a skilled Incident Response Team in place and followed necessary practices like regular software backups, things could get back up and running fairly quickly. However, if these protocols haven’t been put into place, then it could potentially take the organisation months or even years to fully recover.
How threats can be detected
Filtering or blocking emails before they reach employees can reduce the probability of cyber attacks, as well as reduce the amount of time that employees have to spend reporting potential threats. Emails can be filtered by IP addresses, domain names and attachment types, to name a few.
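The three filter criteria named above can be combined in one gateway check. This is an added example, not part of the original article: the block lists, addresses, function names and sample messages are all constructed, and it assumes the topmost Received header is the one written by the organisation's own mail gateway.

```python
import ipaddress
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePath

# Constructed block lists (assumptions for this example, not from the article).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_DOMAINS = {"bad-sender.example"}
BLOCKED_EXTS = {".exe", ".js", ".iso", ".docm"}

def quarantine_reasons(raw):
    """Return the reasons to hold a raw message (empty list means deliver)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Assumption: the topmost Received header is the one our own gateway added.
    hop = str((msg.get_all("Received") or [""])[0])
    for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # malformed address such as 999.1.1.1
            continue
        if any(addr in net for net in BLOCKED_NETS):
            reasons.append(f"ip:{ip}")
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS):
        reasons.append(f"domain:{domain}")
    # walk() also visits attachments nested inside other multipart containers.
    for part in msg.walk():
        name = (part.get_filename() or "").rstrip(". ")
        if PurePath(name).suffix.lower() in BLOCKED_EXTS:
            reasons.append(f"attachment:{name}")
    return reasons

def build_sample(sender, peer_ip, filename):
    """Build a constructed test message; every value here is made up."""
    m = EmailMessage()
    m["Received"] = f"from relay.example ([{peer_ip}]) by mx.corp.example; Mon, 1 Jan 2024 10:00:00 +0000"
    m["From"] = sender
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached file.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(quarantine_reasons(build_sample("Accounts <a@bad-sender.example>", "203.0.113.7", "invoice.pdf.exe")))
    print(quarantine_reasons(build_sample("Colleague <c@corp.example>", "198.51.100.4", "notes.txt")))
```

The attachment test uses only the final extension, so a double-extension name such as `invoice.pdf.exe` is still caught.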
Approach to tackling cyber security threats within an organisation:
Backing up company systems and data: Maintain multiple backups both online and offline. Having data backups in the cloud is recommended as files are easily available at any time and at any given location. For offline alternatives, external hard drives can be used. However, it is vital that the data is stored safely and in a secure location.
The dwell time: Ensure that the systems are secure and carry out a full internal investigation to identify the full scale of the damage. The investigation can help to determine whether any data was lost, what part of the network was compromised, whether the technology is up to date, how effective the response plan is and much more.
Cyber security awareness within the workforce: It's important to educate your workforce on how to detect and report potential threats. In addition, employees authorised to access sensitive information will be of greater interest to attackers. Ensure the employees most exposed to the risks are aware, and offer them additional support. Employees should be given sufficient training to detect and report cyber security threats, including education on what to look out for: inspecting email addresses, checking who the sender is, and inspecting links and attachments before opening them.
Incident response plan: Damage can be minimised with an incident response plan, ensuring that the organisation can return to business as usual efficiently. Incidents need to be detected, and a quick response will help to prevent further damage to the organisation as well as reduce reputational impact. Business leaders should be asking themselves: if the organisation were to be involved in a cyber attack, what would the recovery plan look like? Prepare and practise the response plans to ensure all employees know how to respond during an incident. The plans should always be updated regularly, as this can help to improve the security of your organisation. Ideally, organisations should have an Incident Response Team in place.
Organisations need to provide regular cyber security awareness that enables the workforce to be best equipped to detect cyber threats. But organisations also need to make sure that they have efficient processes and adequate technology in place to make sure they are secure and prevent cyber criminals from causing long-term impacts.