A 3-step approach to effective cyber security

Between April and June 2016, the Information Commissioner’s Office opened 545 new data security cases (22% more than in the previous quarter), 50 of which were cyber incident reports. The three most common cyber incidents were:

  1. Cyber security misconfiguration (28%) – unauthorised people accessing and viewing personal information because of incorrect security settings and a lack of user access management.
  2. Exfiltration (26%) – unauthorised access and transfer of sensitive information from the data controller’s system to another location controlled by hackers.
  3. Phishing (18%) – a form of cyber attack based on bogus emails targeting and tricking staff into disclosing login credentials and other valuable information.

These three categories of cyber incident show us how cyber criminals exploit flaws and vulnerabilities that are both within and beyond our control – anti-malware software and firewalls can control and block unwanted traffic, but staff behaviour is impossible to control. It can be influenced, though. That’s why any cyber security strategy should take a holistic approach.

People, processes and technology for a sound cyber security strategy

An effective cyber security strategy based on people, processes and technology can dramatically reduce the risk of cyber threats and mitigate the consequences.

  • Technology – once cyber risks have been identified, the next step is to implement appropriate measures to prevent or mitigate their impact. Secure configuration, boundary firewalls and Internet gateways, access controls and administrative privilege management, patch management, and malware protection are the five security controls mandated by the Cyber Essentials scheme, and can prevent around 80% of Internet-based threats.

Being cyber insecure costs you more than being cyber secure. The money you spend on recovering from a cyber attack would be better invested in a sound cyber security strategy based on people, processes and technology.

Adopt this three-step approach to cyber security!