Tuesday, November 26, 2024
HomeComputer SecurityBest Ways to Prepare Your Organization For Cyber Disasters

Best Ways to Prepare Your Organization For Cyber Disasters

Published on

As technology continues to develop, the nation and its businesses become more and more reliant on the internet. This has become an even more worrisome issue as the development of the Internet of Things is leaving everyday essentials reliant on the internet, and their operation reliant on a business’s ability to protect themselves from threats and Cyber Disaster.

Ransomware has been a prominent problem amongst businesses for many years, targeting companies in all sectors. In recent years, the world has seen ransomware cause devastating problems across the board: from the Wannacry attack on the 12th of May 2017, that targeted the NHS, to the Badrabbit attack that hit Russian and Ukrainian businesses, including major Russian news outlets.

Both of these cases of ransomware attacks had one major thing in common, the demand for Bitcoin as payment. In the case of Badrabbit, this was 0.5 Bitcoin from each of the hundreds of victims that it targeted.

- Advertisement - SIEM as a Service

In the case of Wannacry, which was achieved through a vulnerability in Microsoft, each of the victims targeted were requested to pay in Bitcoin to the amount of a minimum of £228; achieving a total ransom of around £108,000

In response to this, businesses have already been seen to have been purchasing Bitcoin for the purpose of paying off potential attackers, when they are targeted. Whilst this is a reactive approach to dealing with hackers and the threat of ransomware, are businesses also being protective in the face of the growing threat?

Responding to a Growing Problem

Keeping private or sensitive information safe is something that all businesses have a requirement to do. To defend their systems and data, the first point of call for many businesses is understanding the threats, encrypting data, and securing their hardware.

There are many essentials that most businesses incorporate into their overall cybersecurity strategy. These include firewalls, restricted access controls, malware protection, secure configuration, and patch management. These also fall under the recommendations set out by the government in their Cyber Essentials scheme.

Cyber Essentials was developed in 2014 and launched on the 5th of June 2014. By the October of that year, all companies that were responsible for handling data that was sensitive or that contained personal information, and that supplied to the Government, had to have a Cyber Essentials certificate.

The main aim behind the Cyber Essential scheme is to ensure that companies are able to protect themselves from common cyber-attacks and threats, and understand the risk that data is under.

There are two different forms of the scheme that companies can use to show that they’re protected, the Cyber Essentials security and Cyber Essentials Plus. The main difference between these is that a business performs a self-assessment themselves to get a Cyber Essentials badge, and the Cyber Essential Plus badge requires an independent auditor.

Whilst Cyber Essentials is both backed by the Government and supported by industries and has been developed to provide protection, it is not a comprehensive package – more of a platform to then start building a full protection strategy on top of.

Consultancy Services

To build on top of the protection that falls under the bracket of the Cyber Essentials badge and prepares themselves to pass the test, more and more businesses are turning to the services provided by a consultancy. Of these services, there are two key ways that businesses are better preparing themselves for cyber-attacks: penetration testing and IT health checks.

Penetration Testing

Penetration testing is a specialist test that is designed to exploit any vulnerabilities in a business’s protection. This helps to establish how much risk a business is at from unauthorized access and the potential of malicious actions within their system. Normally, a penetration test is both performed externally and internally; highlighting where there are weaknesses that can easily be exploited. Read here for more information on how the process normally works.

Are Businesses Doing Enough to Protect Themselves?

From the sheer amount of cyber attacks reported in the UK, it is not difficult to deduce that businesses simply aren’t doing enough to stand-up to this growing threat. According to the PwC’s Global State of Information Security Survey from 2018, upwards of a quarter of the organizations in the UK don’t know the number of attacks they were victim to in 2017, with a further third of the businesses having no understanding of how the attacks happened.

While there are ways out there to protect businesses, such as penetration testing and IT health checks, until every business takes a better look at their strategy for cyber defense, the risk of cyber disaster will only continue to grow.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks

In a new wave of cyberattacks, the Russia-aligned hacking group "RomCom" has been found...

Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications...

200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk,...

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...

AeroNet Wireless Launches 10Gbps Internet Plan: A Landmark Moment in Puerto Rico’s Telecommunications Industry

The telecom company AeroNet Wireless announced the launch of its new 10Gbps speed Internet...