# Introduction

Hopefully, over the course of this module, you will have realised that
it is difficult to give a "set of rules" for security. The threat
landscape is continuously changing, and the types of vulnerability you
will be exposed to change over time. However, understanding why cyber
vulnerabilities happen does offer some protection. Keeping up to date
with the latest trends in security can also help you be aware of
potential threats.

This week we look at some general ways of protecting both yourself
and organisations from cyber attack.

# Increasing Companies' Resilience to Attack

The Government's National Cyber Security Centre (NCSC),
https://www.ncsc.gov.uk/, offers advice on cyber security for both
organisations and individuals. There are guides available on the NCSC
website on a wide range of security topics.

When it comes to an organisation's security, a great place to start is
the NCSC's Board Toolkit,
https://www.ncsc.gov.uk/collection/board-toolkit, which offers
up-to-date security advice from GCHQ. Some other suggestions for cyber
resilience are:

The first is to make sure you have some! We saw earlier in the course
that even large organisations have no spend on cyber security. Not
taking care of the security of your systems means you are exposing
yourself to danger.

One step you can take here is to make use of a professional
penetration testing company to assess the security of your
infrastructure. These companies employ hackers to attack your system
and provide an assessment of the risk. While a large organisation may
have in-house security teams, it can also be worthwhile getting a
second opinion.

Organisations like OWASP also offer tools to check the security of
websites that you can run in-house:
https://www.owasp.org/index.php/Appendix_A:_Testing_Tools. These are
not a substitute for professional testing, but can give some
indication of major risks.

Raising staff awareness of the threats is also needed. As we saw
earlier, a large number of data breaches happen through social
engineering and phishing. Having your staff aware of these problems
means that they are less likely to accidentally "click that link". CPD
courses on cyber security are a good start, and it is worth looking at
the Cyber Essentials course from the NCSC:
https://www.cyberessentials.ncsc.gov.uk/

Finally, you should consider that security is hard. While we can
take every piece of advice, there can be little protection against a
determined hacker or zero-day vulnerability. However, having a high
level of security in your business can make you a less tempting
target. Considering the limitations of the hardware in your system is
also important. While firewalls and antivirus systems can help, there
is no "magic bullet" for cyber problems. Having an incident response
and recovery plan will help protect you if the worst happens.

# Links

https://www.ncsc.gov.uk/

https://www.cyberessentials.ncsc.gov.uk/

https://www.ncsc.gov.uk/collection/board-toolkit