Tag Archive for: effective

The importance of effective cyber risk management


There is now a greater reliance on digital services for agents, which makes it even more important to review and invest in cybersecurity to manage the risk of potentially disruptive cyber incidents.

39 per cent of UK businesses identified a cyber-attack in the last year according to the UK Government’s Cyber Security Survey 2022, although the report suggests the figure may be even higher as organisations may not be identifying attacks and are therefore under-reporting.

Cyber-attacks are on the rise, but despite this growing risk, less than a quarter (23 per cent) of UK businesses have a formal cybersecurity strategy in place.

In today’s world, no organisation is immune from a cyber-attack or data breach, whether this is due to criminal activity or employee error. From phishing attempts to ransomware, distributed denial of service attacks and malware, businesses face a number of cyber risks.

For any organisation, a cyber incident can be extremely damaging – potentially leading to the loss of data, financial penalties and other costs, as well as reputational damage. One of the biggest impacts on an organisation in the event of a cyber-attack or data breach is business interruption.

Cyber attacks

Effective cyber risk management can help to protect your business and your clients. Attackers will often seek to control computer infrastructure and use it as a platform for carrying out other activities, such as sending spam and phishing emails. They also launch ransomware attacks, locking victims out of their data and demanding a ransom to restore access.

It is important to understand what your cyber vulnerabilities are, and what is required to deal with these vulnerabilities and strengthen your defences. 

Here are some key questions to consider before, during, and after a cyber-attack.

Before

How do you currently understand and manage cyber risk? What are your existing cybersecurity capabilities? 

During

Do you have a tried and tested recovery and continuity plan for cyber incidents that can be immediately activated in the event of an attack or data breach? 

After

If personal data was lost due…

Source…

Steps to Establish an Effective Zero Trust Framework


We live in a world where bad actors actively target individuals and devices for cyber-attacks: in 2021, there was a 50% increase in overall attacks per week on corporate networks compared to 2020.

As a result, most, if not all, companies must plan and execute strategies to protect themselves, their customers and their employees. This reality explains why, in 2021, 41% of respondents to a global survey had plans to adopt a zero trust strategy, with 72% of respondents adopting zero trust now or in the future.

What is zero trust?

First and foremost, an effective zero trust framework is a journey, not a destination. Secondly, zero trust is not a switch that can be turned on with one click; rather, it is a security strategy with multiple processes, tools and technologies, all designed to protect “mobile anywhere” end users and company data at a micro level. In short, zero trust focuses on secure access, device management and user authentication in order to gain access to applications and data.

The good news is that you likely already have some of the tools and technologies that fit into a zero trust framework, but you need to implement them at a micro level. So, how do you prioritize zero trust tools and technologies, and how do you build out your framework?

Tools and technologies to assess and implement as a starting point

  1. Review your current company policies and ensure they are aligned with today’s dynamic work environments and can accommodate flexibility related to access rights and the use of personal devices.
  2. Apply an application/cloud/service proxy tool that “wraps” an application and isolates the application on a device.
  3. Protect corporate data via an endpoint management solution at a micro level, ultimately mitigating the concern that “big brother” is targeting personal data.
  4. Utilize mobile device management tools to create profiles that can delete company data if an employee leaves without impacting personal data.
  5. Implement micro-level data protection encryption for applications and data to ensure no sensitive data is stored on a device.

Practical steps for starting or continuing a zero trust journey

  • Discover your assets,…

Source…

The ‘A-B-C’ of effective application security


Article by Barracuda APAC director of sales engineering, Mark Lukie.

Software applications have been a key tool for businesses for decades, but the way they are designed and operated has changed during the past few years.

Rather than running on servers within a datacentre, they are increasingly located on cloud platforms and accessed via the internet. While this has significantly improved functionality, it has big consequences for IT security.

Applications that are exposed to the internet have become a favoured target for cybercriminals. They recognise that a successful breach could provide access to a target organisation’s wider infrastructure.

The problem has become even more acute as a result of pandemic disruptions. Many organisations were forced to quickly make more applications available via the internet so that remote workers could continue their roles.

Unfortunately, sufficient priority was not given to security, and in many cases, applications are now vulnerable to attack. Techniques being used include SQL injection, cross-site scripting, and command injection.

To improve this situation, organisations must focus on the ‘A-B-C’ of software security:

‘A’ is for API security

For many years, APIs were used primarily in the backend of business applications, performing machine-to-machine communication. Today, however, APIs are everywhere, and they enable most of the applications used in daily life. They are the core of businesses, powering modern digital platforms and enabling digital transformation.

Many businesses have turned to developing applications with an ‘API first’ strategy, allowing them to innovate and go to market more quickly. APIs enable fast delivery when used with agile and DevOps practices, allowing developers to quickly build and release new functionalities for web and mobile applications.

When it comes to security, the growth of APIs and their direct access to critical data has made them a prime target for attackers. APIs are built for automation, which makes finding and exploiting insecure ones potentially very lucrative.

For these reasons, API security needs to be high on the priority list for all security teams. They should…

Source…

IP addressing could support effective network security, but would it be worth it?


Why is it that over 90% of enterprises tell me that they expect to spend more on security over the next three years, and almost 60% say they expect to spend less on networking? We obviously think that network technology is getting more efficient, more competitive. Why isn’t that the case for security? The short answer is that enterprises have been chasing acronyms and not solutions.

Acronym-chasing comes about because, by nature, security is hard to plan for. The average network expert finds out there’s an issue because some higher-up reads or hears about a breach. Maybe they do a quick search, and they find out that what they really need is SASE. Or maybe they need SSE, which we’re told is SASE without SD-WAN. In any event, what happens is that there’s pressure to add this new thing on, and that creates another layer of protection… maybe. Complication and cost? Surely.

Chasing acronyms is bad, but there may be a lesson in the latest security equation: SSE equals SASE minus SD-WAN, right? Well, maybe the minus-SD-WAN piece is where we’re going wrong, because a lot of our security cost and complexity problems could be solved by letting the network play a role in its own protection, and we actually know how to do that. In fact, it leverages networking’s fundamental property: addressing.

You can’t have connections if you can’t address the things being connected. The power to address is the power to hack. All of networking is about addressing, and it shouldn’t be a surprise that addressing could play a major role in security. Tools like IP virtual private networks, private IP addresses, and (yes) virtual networks and software-defined WANs are widely available but not always effectively used.

VPNs can reduce risk of intrusions

Let’s start with VPNs. The number of enterprises that don’t use IP VPNs in some form is statistically insignificant. An IP VPN is a form of what used to be called a closed user group, a community range of addresses that can freely communicate but are isolated from the internet unless their addresses are explicitly exposed. However, all VPN users can reach other VPN users, where private IP addresses can isolate one…

Source…