Sunday, December 29, 2024
HomeComputer SecurityBest Ways to Prepare Your Organization For Cyber Disasters

Best Ways to Prepare Your Organization For Cyber Disasters

Published on

SIEM as a Service

As technology continues to develop, the nation and its businesses become more and more reliant on the internet. This has become an even more worrisome issue as the development of the Internet of Things is leaving everyday essentials reliant on the internet, and their operation reliant on a business’s ability to protect themselves from threats and Cyber Disaster.

Ransomware has been a prominent problem amongst businesses for many years, targeting companies in all sectors. In recent years, the world has seen ransomware cause devastating problems across the board: from the Wannacry attack on the 12th of May 2017, that targeted the NHS, to the Badrabbit attack that hit Russian and Ukrainian businesses, including major Russian news outlets.

Both of these cases of ransomware attacks had one major thing in common, the demand for Bitcoin as payment. In the case of Badrabbit, this was 0.5 Bitcoin from each of the hundreds of victims that it targeted.

- Advertisement - SIEM as a Service

In the case of Wannacry, which was achieved through a vulnerability in Microsoft, each of the victims targeted were requested to pay in Bitcoin to the amount of a minimum of £228; achieving a total ransom of around £108,000

In response to this, businesses have already been seen to have been purchasing Bitcoin for the purpose of paying off potential attackers, when they are targeted. Whilst this is a reactive approach to dealing with hackers and the threat of ransomware, are businesses also being protective in the face of the growing threat?

Responding to a Growing Problem

Keeping private or sensitive information safe is something that all businesses have a requirement to do. To defend their systems and data, the first point of call for many businesses is understanding the threats, encrypting data, and securing their hardware.

There are many essentials that most businesses incorporate into their overall cybersecurity strategy. These include firewalls, restricted access controls, malware protection, secure configuration, and patch management. These also fall under the recommendations set out by the government in their Cyber Essentials scheme.

Cyber Essentials was developed in 2014 and launched on the 5th of June 2014. By the October of that year, all companies that were responsible for handling data that was sensitive or that contained personal information, and that supplied to the Government, had to have a Cyber Essentials certificate.

The main aim behind the Cyber Essential scheme is to ensure that companies are able to protect themselves from common cyber-attacks and threats, and understand the risk that data is under.

There are two different forms of the scheme that companies can use to show that they’re protected, the Cyber Essentials security and Cyber Essentials Plus. The main difference between these is that a business performs a self-assessment themselves to get a Cyber Essentials badge, and the Cyber Essential Plus badge requires an independent auditor.

Whilst Cyber Essentials is both backed by the Government and supported by industries and has been developed to provide protection, it is not a comprehensive package – more of a platform to then start building a full protection strategy on top of.

Consultancy Services

To build on top of the protection that falls under the bracket of the Cyber Essentials badge and prepares themselves to pass the test, more and more businesses are turning to the services provided by a consultancy. Of these services, there are two key ways that businesses are better preparing themselves for cyber-attacks: penetration testing and IT health checks.

Penetration Testing

Penetration testing is a specialist test that is designed to exploit any vulnerabilities in a business’s protection. This helps to establish how much risk a business is at from unauthorized access and the potential of malicious actions within their system. Normally, a penetration test is both performed externally and internally; highlighting where there are weaknesses that can easily be exploited. Read here for more information on how the process normally works.

Are Businesses Doing Enough to Protect Themselves?

From the sheer amount of cyber attacks reported in the UK, it is not difficult to deduce that businesses simply aren’t doing enough to stand-up to this growing threat. According to the PwC’s Global State of Information Security Survey from 2018, upwards of a quarter of the organizations in the UK don’t know the number of attacks they were victim to in 2017, with a further third of the businesses having no understanding of how the attacks happened.

While there are ways out there to protect businesses, such as penetration testing and IT health checks, until every business takes a better look at their strategy for cyber defense, the risk of cyber disaster will only continue to grow.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a...

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated...

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms...

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Firefox 133.0 Released with Multiple Security Updates – What’s New!

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical...

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...