High profile breaches make the main headlines every day globally. Advanced Persistent Threats and sophisticated cyber attacks are becoming more and more frequent. These days it is not a case of if companies get breached, but more of when. IBM and the Ponemon Institute’s research points out that cyber crime will cost businesses over €2 Trillion by 2019 and the targets are no longer just large enterprises, but organisations of all sizes.What is more, they have also discovered that the average consolidated total cost of a data breach this year grew from €3.3 million to €3.5 million and the average cost incurred for each lost or stolen record containing sensitive and confidential information increased from €135 to €139.

So, why does this keep happening? What are the Security Basics that every organisation need to be aware of? 

1.Patching is CRUCIAL

This goes without saying. The best way to protect a business from serious vulnerabilities is to ensure there is a solid patching strategy in place and fixing these issues will help to stop the attackers gaining access. Recently, we have seen numerous organisations falling victims of remote-code execution. Remote-code execution is a consequence of an unpatched system that a hacker can infiltrate and take over the system, just like a privileged user. There is a variety of custom built kits called arbitrary code execution kits available on the dark net that will allow hackers to easily exploit vulnerabilities. When these vulnerabilities are exploited they will allow the hacker to run machine code and inject and execute shellcode – thereby having the ability to run arbitrary commands within the network.

2. Security Awareness Is The Silver Bullet

The most basic thing that every organisation needs is security awareness training. Why is something so valuable so largely overlooked, you may ask? We don’t know either!

Security awareness training is all about teaching your colleagues and employees to understand the risks and threats around the ever evolving cyber world. The main purpose is to ensure that these people realise that hackers within organised gangs of cyber criminals will try to deliberately attack, steal, damage or misuse your organisation’s systems and information, and that therefore everyone within the organisation needs to be aware of the associated risk, and thus work to adequately protect the organisation against these risks.

Security awareness training also ensures that employees are fully awake to the consequences of failing to protect the organisation from outside attackers. Such consequences span from criminal penalties to large scale economic damage to the company and the loss of employment. Finally, when the employees are fully aware of why securing data is important, and what systems they need to protect, your security awareness training program should highlight the key ways in which attackers can gain entry to your network, and the necessary steps to curtail these risks.

Are you now convinced that your organisation needs security awareness training?

3. Gaps Let Hackers In

Your network system is not perfect, trust us. But depending on how far from perfect you are, that could be something that may quickly turn things around. Identifying where your security gaps are, what they mean and how they can be solved is the next step in assuring your network system strengthens its security posture. The answer to this is penetration testing. Pen testing or ethical hacking is without a doubt one of the most important security activities an IT department can conduct. After all, a company can spend huge sums of money on expensive security solution to protect each vector only to find that they have been infiltrated by an external hacker or piece of malware with relative ease. At the end of the day it could simply be human error (it usually is) and it is something which cannot be accounted for without an evaluation.

4. AntiVirus Is No Longer Enough

Tavis Ormandy @taviso is a security researcher from Google Zero project who went on a small crusade against the Anti-Virus software this year. All the great brands have fallen under his strikes: Trend Micro, Avast, Kaspersky, Symantec. His latest discovery has detected vulnerabilities from the Symantec range and the vulnerabilities are actually so easy to exploit that the attacker only needs to send an email with a vulnerable attachment which will be automatically checked for malicious code. The irony is that this scan will execute the code and may possibly allow to“easily compromise an entire enterprise fleet”, as Tavis wrote. Pretty scary, eh?

Because antivirus on its own is not enough, companies need sophisticated tools, like IBM QRadar to keep out sophisticated attacks. If your reputation is critical to your ability to conduct business, and you find that the nature of your business may heighten your risk to sophisticated attacks, you might want to consider employing ongoing threat monitoring and management. This approach uses technology designed to improve defense, automate incident response and conduct forensic analysis across a broad range of threats.

In conclusion, the number of data breaches is growing and companies are no longer at rest, which is why every organisation needs a strong cyber security strategy. In this day and age, obtaining 100% protection against threats is nearly impossible but building a strong secure perimeter and having clear visibility over your network will help prevent and minimise cyber attacks. If you want to learn more about building a secure network, we are here to help! Simply contact us today and our security experts will give you the right advice that you need!