By our calculations, over 480 million records were leaked in 2015 through cyber attacks targeting businesses like the Marriott and Hilton hotel chains, dating sites Topface and Ashley Madison, and food and drink sites like JD Wetherspoon and Jamie Oliver, among others.
Causes of security incidents
In 2015, IBM security analysts put 178 security incidents under the magnifying glass to discover how cyber criminals managed to steal information and data. According to their results, the intrusions into companies’ boundaries had a number of causes:
- 45% unauthorised access
- 29% malicious code
- 16% sustained probe/scan
- 6% suspicious activity
- 3% access or credentials abuse
Likelihood of intrusion reduced with basic cyber hygiene
The risks posed by the above causes can be significantly reduced with basic cyber security hygiene. Let’s see how:
- Avoid sustained probe/scan with secure configuration: Computers and network devices should be configured properly to reduce inherent vulnerabilities and provide only the services required to fulfil their intended function.
- Prevent unauthorised access with boundary firewalls and Internet gateways: Any disclosure of, or unauthorised access to, information, applications and computers within the company’s network should be blocked by boundary firewalls, Internet gateways or other network devices.
- Prevent access or credential abuse with access control and administrative privilege management: User accounts, particularly those with special access privileges (e.g. administrative accounts), should be properly managed so that only authorised individuals have access to sensitive materials.
- Avoid suspicious activity with patch management: All software can be prone to security vulnerabilities, which can be exploited by criminal hackers and automated cyber attacks. A patch management programme means that the software used on computers and network devices is always kept up to date and capable of resisting low-level attacks.
- Avoid malicious code with malware protection: Implementing protection against a broad range of malware such as viruses, worms, spyware, botnet software and ransomware will protect your devices, your privacy and your critical information from attack.
Five security controls for basic cyber security hygiene
The five points above describe the five security controls mandated by the Cyber Essentials scheme. They represent five rules for basic cyber security hygiene, and correctly implementing them can protect your company from around 80% of cyber attacks.
Achieving certification is well within your reach: if you are able to implement the five security controls by yourself, you can get your Cyber Essentials certification for just £300 with our Cyber Essentials – Do It Yourself packaged solution. If you need more resources and help to comply with the security controls, the Cyber Essentials – Get A Little Help package might be right for you.
If you are an SME and want to discover what you are risking by not being cyber secure, download this free guide.