Understanding Cyber Security Part 3

7. CYBER SECURITY DEFENCES USED BY ORGANISATIONS

Cyber security defence refers to the ability to prevent cyber criminals from compromising a computer system or device. Vendors in the cyber security space offer a variety of products and services that organisations can acquire to help protect their environments from malicious actors.

The most common security technologies include:

  • Managed Detection and Response (MDR)
  • Multi-Factor Authentication (MFA)
  • Identity and Access Management (IAM)
  • Firewalls
  • Endpoint Protection
  • Anti-Malware
  • Intrusion Prevention/Detection Systems (IPS/IDS)
  • Data Loss Prevention (DLP)
  • Endpoint Detection and Response
  • Security Information and Event Management (SIEM)
  • Encryption
  • Vulnerability Scanners
  • Virtual Private Networks (VPNs)
  • Cloud Workload Protection Platform (CWPP)
  • Cloud Access Security Broker (CASB)

More detail about how organisations have been implementing those cyber security technologies will be discussed at a later time in the portal.

8. BEST PRACTICES RECOMMENDED TO ORGANISATIONS TO STOP CYBER ATTACKS

As previously discussed, the number of sophisticated cyber attacks targeting companies’ critical infrastructures has increased massively compared to 5 years ago, and billions and billions of dollars have been spent every year due to data breaches caused by those attacks. Implementing best practices will undoubtedly help organisations, their employees and their customers to protect themselves from cyber threats and to mitigate their risks and exposure. These best practices include, but are not limited to, the following:

  • Employ the culture to always avoid pop-ups (when applicable), unknown emails and links
  • Employ the culture to always use strong password protection and authentication
  • Employ the culture to always connect to secure Wi-Fi networks
  • Employ the culture to always enable firewall protection at the workplace and at home
  • Employ the culture to invest in security defences and software updates
  • Be open to considering biometric security when appropriate
  • Create a hierarchical cybersecurity policy and culture within the organisation
  • Employ the culture to back up your data and keep it safe, especially due to the increase in the number of ransomware attacks targeting organisations from all industries
  • Ensure only authorised personnel will have access to your physical infrastructure
  • Ensure privileged users are constantly monitored
  • Employ the culture to perform robust and continuous cyber security awareness programs

More detail about how organisations can implement those best practices will be discussed at a later time in the portal.

CONCLUSION

Cyber security is an extraordinary and broad area. It has become very strategic for organisations of all sizes and sectors nowadays.

The massive increase in the use of the Internet by organisations’ employees to work remotely, due to the current COVID-19 pandemic, has raised concern among cyber security professionals and C-level management. Furthermore, the latest cyber threats (e.g., APT, ransomware) have shown a significant increase in the number of attacks impacting critical infrastructures of organisations all over the world. New regulations and legislation (e.g., GDPR, the Brazilian LGPD) have made it increasingly crucial for organisations to ensure they have sufficient security controls in place to protect their environments from malicious code and actors.

Cyber security is everybody’s responsibility, although many people, unfortunately, still believe that it is only the cyber team’s responsibility.

Changing an organisation’s mindset so that it buys into the idea that everybody must contribute to the protection of its environment isn’t an easy task, especially with minimal or no support whatsoever from the board, along with poor practices and a lack of skilled cyber security professionals supporting business areas.

To achieve this goal, it is paramount to bear in mind that continuous cyber awareness programs should be established within organisations to ensure employees are aware of cyber threats, their risks, their responsibilities and the impact on their businesses.

Having the right cyber security structure, enough power to put things in motion, best practices and support from cyber security experts will also undoubtedly be crucial to help keep criminals away.

