Identifying and protecting your organisation against cyber security threats
Unless you’ve been off-grid for the last fifteen or so years, you’ve probably heard or read about cyber security threats. Malware, cyber-attacks and security breaches are costly incidents that involve someone gaining unauthorised access to computer data, applications, networks or devices. Once inside a digital environment, threat actors can often access almost all of your data and information without further authorisation.
Organisations are becoming more vulnerable to cyber threats, thanks to our increasing reliance on computers, networks, programs, social media and data. Security breaches generally occur when an intruder successfully bypasses security controls. For organisations like yours, a cyber threat can have devastating consequences, including financial and legal risk. There’s another risk that is presented as well, which could be more damaging in the long run because it affects the other two: – reputational risk.
6 steps to creating a cybersecurity risk reduction strategy
- Recognise a security breach
- Understand your organisation’s risk level
- Create a cyber risk profile
- Learn what to do if your network is breached
- Explore cybersecurity frameworks
- Create a management model
Recognise a security breach
There are quite a few types of security breaches, depending on how access is gained to a system and how sophisticated the intruder is. They can include:
This is when a system vulnerability is breached, such as an out-of-date operating system. This includes legacy systems, which haven’t been updated and are no longer supported.
Believe it or not, this still happens. It often occurs when an individual or organisation uses a birthdate or the word ‘password’ or a variation such as ‘pa$$word’ or Password1.
A malware attack, such as phishing emails, can be used to gain entry into a network or bank account. All it takes is for one employee to click on a link to allow malicious software to quickly spread through the network.
An oldie but a goodie. This is when an intruder phones an employee claiming to be from the company’s IT department, and they ask for the password so they can ‘fix’ the computer.
While an IT team may think their network is safe and secure, they may not realise how fragile their system really is. They need to be as vigilant as the thousands of hackers out there.
There are other types of breaches so, if you’re really keen, head over to our Pentester’s Guide to Weak Entry Points. This article offers a comprehensive list of weak entry points that allow our Penetration Testing Team to consistently see success when breaching clients’ environments.
Understand your organisation’s risk level
Is your organisation at risk of a cyber threat? Wrong question. Of course it is!
Like most organisations around the world who rely on computers across every aspect of their business, you are at risk of a cyber threat.
If you store large volumes of personal identifiable information (PII) on external cloud providers, you are at risk.
If you don’t continually train and educate your staff, right up to the top, (yes, especially the C-suite), you are at risk.
If you don’t continually revise and update your security protocols, you are at risk.
If you have a large number of devices that are connected to your network, including employees, third-party vendors, partners, sponsors, stakeholders, residents, students, patients, and clients/customers, you are at risk.
If anyone can access your network at all, for any reason, you are at risk. As scary as it may seem, thist means a hostile foreign power, competitor, or organised hacker can also access your network. So, yes, you are at risk.
So, the right question to ask is, to what extent is your organisation at risk of a cyber threat?
While there was once a time when your IT team could manage and control these risks, now they may struggle to protect your organisation from sophisticated attacks. They may also be challenged when it comes to keeping up with more secure network configurations. In short, their efforts may need to be complemented with sophisticated cyber security professionals, up-to-date software programs and a decent cyber security risk management strategy. The good news is, we can help you immediately, and prevent any future breaches.
Create a cyber risk profile
A risk profile is an analysis of the types of threats your organisation could potentially face. It’s a worst-case scenario picture generally based on the assets you want to protect and the goals you want to achieve. To fully understand your organisation’s cyber risk profile, you need to determine what information could be valuable to an outsider or competitor, and what could cause significant disruption if it was lost or corrupt.
You should also consider the risk appetite of your organisation. This is basically the amount of risk you are prepared to accept, or retain, in order to achieve your business objectives. By determining your risk appetite, you can make better choices by considering risk more effectively.
The following would be considered valuable to cyber criminals:
- Customer data
- Employee data
- Third party vendor data
- Contract terms and pricing
- Intellectual property
- Product quality and safety data
- Financial data
- Strategic planning information
For some of these data types, it’s a given that it will already be widely accessible. For example, many organisations have their terms of service downloadable on their websites, and MSDS sheets for products ready for legal purposes. Plus, public agencies, non-profits, and many other types of organisations, need to have their Annual General Report (including financial data) readily accessible for anyone who wants to look at it, to promote transparency and integrity.
The important thing to remember when assessing information is that it’s the accessibility that makes it valuable. If it’s already available, chances are you’re fine. If it isn’t, and it’s vital it remains private, you need to ensure it’s secured.
It’s also important to revisit your risk profile on a regular basis. This is so you can update it when your assets or other factors change as your organisation evolves, to establish if you’re more vulnerable to threats.
Learn what to do if your network is breached
First up, don’t panic.
Second, act quickly. You need to keep a level head and work fast to minimise the damage and mitigate the risks. If you have a security management team, they are your first port of call.
If you don’t have a security management team, here are some suggestions to help you:
- Lock down all network access to your data by booting out all users – ALL USERS – and, for all systems under your control, force password resets on every user account across the organisation
- Contact your financial institutions.
- Change the passwords on all external organisational accounts. This will likely involve the assistance of all levels of management to cover all bases.
- Communicate to all employees, stakeholders, partners, etc, to reset passwords on all personal accounts as well. It’s likely they reuse their passwords, and their own personal data is at risk.
- Determine what data has been stolen, and what the threat actors are doing with it. Is it a ransomware attack and your data has been stolen? Or is the data still there and they’ve merely copied it to auction it to the highest bidder?
- Engage with a legal representative to see what potential ramifications the breach and its resulting data loss could cause.
- Establish what notification protocols your organisation is bound by. Follow those protocols to the letter.
- Be vigilant and avoid further requests for personal data after a breach by monitoring all accounts, endpoints, and other network access points for suspicious activity.
- Once the dust has settled, consider creating an in-house security operations centre for 24/7/365 monitoring and protection. Or consider outsourcing to an expert cyber security partner.
Expert consultants can work to protect your business from data breaches, identify your data leaks and help you continuously monitor the safety of your vendors. Remember, without the right safety strategy in place, your data (and your customer’s) could be at risk.
Explore cybersecurity frameworks
While there is no single risk mitigation strategy that guarantees to prevent cyber security incidents, we highly recommend that you set your sights on implementing The Essential Eight. This baseline framework is provided by The Australian Cyber Security Centre, a part of the Australian Signals Directorate (ASD), an Australian Government agency. These strategies make it much harder for attackers to compromise your systems.
Create a management model
You’ve gone through and set the groundwork. Now, your final step of preparation for potential cyber attacks starts by understanding how you will manage the situation when it arises. Because the question is not if, it’s when.
Standing up a SOC (or Security Operations Centre) is the Gold Standard to ensure that you are monitored, defended, and protected, 24/7/365. Training up staff that are up to date with the latest tactics, vulnerabilities, and defense techniques will give you the highest level of protection. As that is a significant commitment, most organisations choose to outsource their SOC to a MSSP for the simple resourcing advantages.
As a MSSP – Managed Security Services Provider – we provide operational, tactical and strategic support for your entire digital environment. Our friendly, specialist security team is constantly looking for opportunities to improve digital environments to ensure they’re efficient, productive and safe. By outsourcing to Nexon, it means you get a team of expert analysts identifying, investigating, prioritising and resolving any issues that could affect your organisation’s infrastructure and data, every second of every day – without the need to skill up your own staff to do so.
Whether your organisation is facing challenges with your IT budget or expertise in your IT team, or you’re finding it hard to navigate the vast and ever-changing landscape of cyber threats and attacks, Nexon can help you with our managed security and support services.
Ready to talk cyber safety with Nexon? Contact us today.