Introduction

Hopefully, over the course of this module, you will have realised that it's difficult to give a "set of rules" for security. The threat landscape changes continuously, and the types of vulnerability you will be exposed to change over time. However, understanding why cyber vulnerabilities happen does offer some protection. Keeping up to date with the latest trends in security can also help you be aware of potential threats.

This week we look at some general ways of protecting both yourself and organisations from cyber attack.

Increasing Companies' Resilience to Attack

The Government's National Cyber Security Centre (NCSC), https://www.ncsc.gov.uk/, offers advice on cyber security for both organisations and individuals. Guides on a wide range of security topics are available on the NCSC website.

When it comes to an organisation's security, a great place to start is the NCSC's Board Toolkit, https://www.ncsc.gov.uk/collection/board-toolkit, which offers up-to-date security advice from GCHQ. Some other suggestions for cyber resilience are:

The first is to make sure you have some! We saw earlier in the course that even large organisations have no spend on cyber security. Not taking care of the security of your systems means you are exposing yourself to danger.

One step you can take here is to make use of a professional penetration testing company to assess the security of your infrastructure. These companies employ hackers to attack your system and provide an assessment of the risk. While a large organisation may have in-house security teams, it can also be worthwhile getting a second opinion.

Organisations like OWASP also offer tools that you can run in-house to check the security of websites: https://www.owasp.org/index.php/Appendix_A:_Testing_Tools. These are not a substitute for professional testing, but can give some indication of major risks.

Raising staff awareness of the threats is also needed. As we saw earlier, a large number of data breaches happen through social engineering and phishing. Having your staff aware of these problems means that they are less likely to accidentally "click that link". CPD courses on cyber security are a good start, and it is worth looking at the Cyber Essentials course from NCSC: https://www.cyberessentials.ncsc.gov.uk/

Finally, you should consider that security is hard. While we can take every piece of advice, there can be little protection against a determined hacker or zero-day vulnerability. However, having a high level of security in your business can make you a less tempting target. Considering the limitations of the hardware in your system is also important. While firewalls and antivirus systems can help, there is no "Magic Bullet" for cyber problems. Having an incident response and recovery plan will help protect you if the worst happens.

Links

https://www.ncsc.gov.uk/

https://www.cyberessentials.ncsc.gov.uk/

https://www.ncsc.gov.uk/collection/board-toolkit