Your ultimate guide to cyber security


Criminals want to make money out of you.

The internet gives them that opportunity.

The threat landscape is dominated by well-funded and business like adversaries using extremely sophisticated, targeted attacks.

In addition, many businesses are still falling foul of negligent employees who continue to put businesses at risk.

Despite this, many organisations are simply not doing enough to tackle the battle against cybercrime and are overlooking the IT fundamentals that can enhance their ability to mitigate risk.

Each and every organisation should consider the possibility that they may have already been breached however, big or small they are.

Everyone is a target. Organisations need to act now.

The Scale of the problem

The modern world is now heavily reliant on the Internet.

Websites and social media have become vital channels of communication allowing companies to interact and sell to customers.

Businesses are also providing employees and partners with online access to their systems, and facilitating flexible working through cloud computing.

As the significance of the Internet has grown, however, so has the ability of cyber criminals to attack.

Their incentive is driven by increasing value placed upon data, which is now a highly prized commodity across the world.

As a result, the scale of the threat is at its highest level and organised gangs, nation states and even bedroom hackers worldwide are targeting some of the world's biggest and smallest firms.

And, its never been easier with sophisticated cybercriminal tools kits now avalible for just a few thousand pounds. Everyone is vunerable to attack.

Variety of attacks

Denial of Service Attack: Or DoS attack as it is also known is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Phishing: This is the fraudulent practice of sending emails purporting to be from a reputable source in order to encourage individuals to reveal personal information, such as passwords, credit card numbers online as well as occasionally money through indirect means.

Water holing: Creating either a fake or legitimate website in order to exploit users using it. Scanning: Randomly attacking large sections of the Internet.

Spear-phishing: Similar to phishing but involves sending targeted emails to individuals that could contain an attachment with malicious software, or a link to down load an infected file.

Subverting the supply chain: To attack software or equipment that is being delivered to a business.

Time for businesses to get smarter when tackling cyber attacks

The topic of cyber security is increasingly at the top of the agenda for business leaders, especially with the number of ransomware attacks on the rise.

According to research from McAfee, ransomware attacks – in which corporate data is hacked and held hostage by cyber criminals in return for financial payments – have risen more than ten-fold in the last two and a half years.

This rise is in part due to hacking methods becoming more sophisticated with cyber criminals having evolved their techniques from the more traditional routes such as malware, worms or viruses, for which IT defences are designed for.

Instead, hackers are looking to new tactics including the hiring of moles or internal spies – such as former or existing employees – to pinpoint weaknesses within the businesses and tap into data in return for a monetary sum or other incentive.

Small businesses a prime target

It is often only global corporations that we hear are experiencing these attacks, with eBay and Domino’s Pizza just two brands to have had personal records held to ransom in 2014.

While they certainly create headlines, it is largely SMEs that are most at risk – due in part to a limited awareness as well as insufficient security measures.

In fact, a recent survey from Kaspersky Lab, revealed that three quarters of SMEs believed their business was too small to be of interest to cyber criminals with just under 60% of respondents stating that they thought the data they held would simply not be of interest.

And yet an attack can have devastating consequences on a business, damaging its reputation and causing customers to undergo a serious crisis of confidence.

Prevention, not cure A number of these attacks are successful due to outdated systems and processes.

It’s easy for businesses to slip in to a ‘fit and forget’ culture whereby security defences – including anti-virus software, software patches and firewalls – are installed but neglected soon after.

This includes the need to make regular checks and ensure that software remains up-to-date.

By sidestepping this, businesses are finding themselves with a number of legacy processes that are simply not sufficient to protect against modern threats. Read more and claim your free cyber security assessment here.