Stephen O'Connell, sales and marketing director at Advantex, says regional businesses need to take a fresh look at their IT security to ensure it's fit for purpose as Covid restrictions lift
It’s fair to say that the last 18 months have been extremely challenging for owners and managers trying to balance the needs of running a business with ensuring staff working remotely online are safe and secure. This in turn, has placed the onus on those with responsibility for IT to have an effective strategy in place to combat the daily threat of cyber-attacks. Now, as more people drift back to the workplace in a post lockdown world, it’s timely for businesses to review their current IT cyber security provision to see if it remains fit for purpose and will respond effectively to evolving threats. No longer can we hide our data behind a firewall and install anti-virus on the endpoints. Security has become a layered solution with different threats and different ways of monitoring, catching and preventing those attacks. A defence in depth’ strategy is required. Imagine your data is the centre of an onion – we need multiple layers around that data to protect the core, meaning any attacker needs to break through a multitude of security controls.
Essentially though, there are two key threats to look at first when you review your layers: malware and phishing. Malicious cyber attacks are rising, with 2021 already seeing an increase in activity and high-profile ransom attacks against critical infrastructure and companies. The amount of ransom demanded has also significantly increased, with some demands reaching tens of millions of pounds. And the attacks are becoming ever more sophisticated, with criminals seizing sensitive company data and selling it on the dark web, or holding companies to ransom with extortionate payments for its safe return.
However, there are simple proactive steps that should be taken to reduce the risk of an attack and the damage that can be caused. Chief among these is to review your anti-ransom programmes and protocols. There is now sophisticated anti malware, cloud-delivered software such as Cisco Umbrella and Cisco Secure Email readily available to provide the highest levels of protection and keep people and businesses safe and secure as part of any response to threats. The key to success to is to have that layered anti-virus, anti-malware, cloud security and end point security in place which makes it ever more difficult for hackers to break through defensive walls and steal your data at the core of your security.
Tackling the phishing threat is the second priority currently for business. Like malware, attacks are on the growing and are among the most prevalent security challenges both people and organisations face in securing their information. Whether it’s access to user details, passwords, financial information or other highly sensitive information, hackers are using email, social media, phone calls, and any form of communications they can to successfully steal valuable data.
Companies are attractive targets for crafty criminals, so owners and managers must keep a check on current phishing strategies and ensure that their security policies and solutions can eliminate evolving threats. It is equally as important to make sure that their employees understand the types of attacks they could face, the risks, and how to address them – vigilant, better informed employees and properly secured systems are key when protecting your company from phishing attacks. Multi factor authentication technologies such as Cisco Duo are highly effective in combating phishing and should be considered as part of a review to alleviate the threats.
These are unprecedented times in the world of cyber security. Most companies and business leaders who have to make decisions around a ransom attack will find it hard to envision a situation in which they would be in a discussion on whether and how much ransom to pay to hackers who are holding the company hostage. With forethought, preparation and up-to-date cyber security technologies in place together with an effective plan, your company can cut the risk and be better prepared to deal with the unthinkable.