Not long ago, viruses and other malware were nothing more than occasional mild annoyances, but cyber crime has become big business in the past few years. With organisations across the world now using the Internet every day to do business, criminals have taken advantage.
With more people to target, and more tools at their disposal, hackers have reshaped the cyber security landscape in the past decade. As a result, organisations’ cyber security defences need to be more complex and broad than ever, taking into account not only technological vulnerabilities, but also the people who use that technology.
Ransomware is a prime example of this phenomenon. Such attacks have a technological component – the malware – but are most often spread through social engineering. According to a study from network security firm PhishMe, ransomware is delivered by 97% of phishing emails.
How can you keep ahead of evolving cyber threats, then? A white paper from cyber security firm Fortinet says that any cyber defence system needs four elements:
- Prevention: act on known threats and information, utilising next-generation firewalls, endpoint security and secure email gateways.
- Detection: identify new threats with “detection points that span all the access vectors (email, Web, Internet points of presence, etc.).”
- Mitigation: respond to detected intrusions quickly and effectively. “Forensic tools, supporting services and integrations with an organisation’s existing threat prevention products have a role to play in this effort.”
- Repetition: continue to perform this process, and “include an automatic feedback loop for constant learning and improvement to ensure its effectiveness continues to improve.”
Improve your information security with ISO 27001
If you want to learn more about keeping your information secure, you should download our free ISO 27001 fact sheet. ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice. It covers people, processes and technology, recognising that information security is not about technology alone.
- How ISO 27001 can improve information security
- The benefits of achieving certification
- What to consider when tackling the Standard
- How to overcome the initial barriers of implementation