When it comes to our cyber activity, it seems that we are playing a never-ending game of chasing tails with cyber criminals. The more our technologies advance and adapt, so criminals are finding new and sneakier ways to break into systems and take personal and sensitive data hostage.
Unsuspecting industries such as healthcare and hospitality are unwittingly becoming the biggest targets of cyber attacks, as vital information such as health records and access to hotel guest records is suspended until ransom is paid. These kinds of attacks show just how creative the cybercriminal industry continues to be.
The huge WannaCry breach that took place only recently, hitting over 150 countries – including the UK’s NHS hospital system and Germany’s railways is another reminder of the bad guys’ capabilities. This attack could probably be considered the biggest online extortion attack ever recorded after hitting hundreds of thousands of computers.
So, we need to keep one step ahead at all times.
Effective cyber defence requires paying attention to the technologies that are available and using them in the way they are supposed to be used. Companies that take this approach will construct effective barriers meaning hackers will go elsewhere and find an easier target to attack.
Despite the fact that criminals are becoming more complex and scaling up their attacks, two of the fundamental issues that allow these breaches to take place are the fact that businesses are unwilling to invest in the necessary security and prioritise security and secondly there is a lack of education and care amongst employees and non IT staff when it comes to cybersecurity.
Our own AIR Research just launched in May shows that fewer than one in five (17%) employees cite security as a top thought when using business apps. Furthermore, the number of employees in the UK who “just try not to think about cyber-attacks” was much higher at 32% than the global average which was 21%.
For the defence to stay ahead of the attackers in this cat and mouse game of cybersecurity, these factors need to change. Their needs to be a focus on cybersecurity, it needs to be prioritised and everyone within an organisation needs to take responsibility for keeping defences watertight. Security is only as strong as the weakest link and attackers are adept at finding weaknesses in the defences put in place to keep an organisation safe.
With growing attacks and new European laws most notably GDPR, companies should feel more inclined to consider security precautions as a priority, but crucially, by giving cybersecurity the attention it deserves and investing in well-managed security controls, damage control won’t be necessary.
Organisations have a responsibility to invest in well-managed security tools, which have controls designed to prevent, detect, contain and remediate data breaches. Furthermore, organisations should take care to share simple safeguarding techniques amongst employees and make sure that they are educated around the type of attacks to expect, but ultimately protection systems need to be put in place to keep hackers out.
As employees are an organisation’s greatest tools, the way they contribute to securing the company should also be well-managed. CIO’s and CISO’s should ensure staff have the knowledge, tools and ability to keep themselves and the organisation safe from the myriad of threats that are looking to jump over low barriers or get through chinks in the security armour.
Being ahead in the game of chasing tails isn’t too hard if you can keep up your pace and that’s the same in the game of cybersecurity. A little self-awareness and education and regimented security best practices in the work place can go a long way towards winning.
By Duncan Hughes, Systems Engineering Director, EMEA, A10 Networks