21 July 2016
Blogs by author: Mark Hughes, President, BT Security
You can’t protect yourself from a threat you can’t see. Here’s how to get a clear view of the risks your organisation faces.
A significant threat.
Everyone knows that cyber security is a growing problem. The UK National Crime Agency recently highlighted cyber crime as one of the most significant threats facing organisations in Britain.
The UK Government responded to this threat, and related national security concerns, with a pledge to invest £1.9 billion in a National Cyber Plan. Similarly, in America, budget plans for cyber security spending have increased by $5 billion, to $19 billion, for 2017 alone.
What it means for you.
Although significant, this outlay will come to nothing if organisations fail to develop a clear idea of the risks. Many businesses continue to focus only on defending their systems. And this leaves them vulnerable to attack, because they haven’t invested in actually understanding the threats themselves.
If you have no idea how you’ll be attacked, then the money you spend trying to defend your organisation will often be wasted. That’s why you have to move beyond this narrow thinking to look at what the risks are, how to manage them and how to recover from attacks.
What you need to do.
To get a clear view of your threat landscape and a better idea of how to defend yourself, you have to:
1. Be aware of the changing nature of cyber threats.
Every day, new viruses are created and distributed. Even traditional threats are becoming increasingly difficult to spot. For example, at the end of the 2015/16 tax year, many UK taxpayers received malware in advice emails supposedly from the tax authorities.
Phishing campaigns are another constantly evolving threat. New tactics include ‘CEO crime’, or ‘whaling’, where employees are sent supposedly internal emails from senior executives, asking them to wire money to a named account or pay a bill.
It’s these evolutions which reinforce how important it is for companies to stay vigilant. Organisations need to be aware of how the threat landscape is changing in order to protect themselves effectively.
2. Look ahead to the threats you’ll face in one or two years’ time.
As the old saying goes, ‘fail to plan, plan to fail’. There are clear trends in the threat landscape and these give clues about future attacks. Knowing what these are means you can make sure you’re not vulnerable to them.
The financial sector is an example: potential attackers are gaining more information about the value chain and increasingly targeting this sector.
3. Identify potential vulnerabilities within your networks.
This involves looking at your organisation in light of the current, and future, threat landscape. Cyber criminals are constantly finding new ways to monetise and compromise data and other business functions. This means areas which were once not ‘worth’ protecting need a security overhaul.
Businesses, data and business functions that used to be of minor interest to attackers are now targets. An example is ransomware. While your data may not be worth a great deal on the black market, it’s incredibly valuable to you. By ransoming your data back to you, cyber criminals tap into different approaches to monetising information.
Take effective action today.
As this blog shows, you have to know what you’re up against to take effective action. For more information about the threats your organisation faces, read the white paper we produced with KPMG, ‘Taking the Offensive — Disrupting Cyber Crime’.
In our next blog, we’ll take a good look at the different levels of cyber crime you have to fight.