Recent high-profile hacks have quadrupled the demand for cyber security experts, pushing consultancy prices up as companies desperate not to be next on the wall of shame clamour for their services. But jumping on the bandwagon might not be the most effective or cost-efficient way of improving your security posture. Instead, take a look in the mirror and see if the answer lies within.
The recent tidal wave of demand for cyber security expertise sweeping through boardrooms, driving up the rates on a limited supply of skilled, experienced professionals, will leave many feeling that the cost of security is too high a price to pay. They might prefer to leave their reputation, customers, employees and ultimately their business (not to mention some sleepless nights) at the whim of the hackers.
Well, here’s the good news: you can significantly improve your security posture and help protect your business with just a few simple steps. These measures won’t guarantee you protection from determined or sophisticated attacks, but they will nonetheless deter the vast majority of assailants and minimise the impact should your defences be breached.
A quick look at some of this year’s high-profile incidents reveals that many exploited simple vulnerabilities (well understood by the security industry and criminals alike), were exacerbated by poor practices and could have been easily prevented.
TalkTalk and VTech, for example, were both victims of SQL injection, a technique that allows attackers to insert SQL code into an application’s dialog boxes and gain direct, unauthenticated access to the information held in the underlying database. Such an attack can be easily prevented by simple software development techniques such as verifying that the data entered does not contain anything unexpected (input sanitisation) or only allowing certain pre-determined requests (stored procedures) to extract database information.
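The two defences named above, shown beside the weak pattern they replace, as an added example that is not code from the original article. The table, function names and sample input are constructed, and a fixed statement with a bound parameter stands in for a stored procedure because SQLite has none.

```python
import re
import sqlite3

# Constructed form input containing SQL syntax instead of a plain username.
HOSTILE = "x' OR '1'='1"
# Assumed policy for this example: usernames are 1-32 letters, digits or "_".
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db():
    """Build a constructed in-memory customer table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_vulnerable(db, username):
    # Weak: the form value is pasted into the SQL text, so quote characters
    # in the input change what the statement means.
    sql = "SELECT email FROM customers WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_predetermined(db, username):
    # Pre-determined request: the SQL text is fixed and the value is bound
    # as data, so it is only ever compared against the username column.
    sql = "SELECT email FROM customers WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]


def lookup_hardened(db, username):
    # Input check first: reject anything outside the expected pattern,
    # then run the fixed request. Either layer alone stops HOSTILE.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("unexpected characters in username")
    return lookup_predetermined(db, username)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, HOSTILE))
    print("predetermined:", lookup_predetermined(db, HOSTILE))
    try:
        lookup_hardened(db, HOSTILE)
    except ValueError as exc:
        print("hardened     : rejected,", exc)
```

An allow-list this strict also rejects legitimate values such as names containing an apostrophe, which is why the bound parameter, not the pattern check, should be the layer the application relies on.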
In the cases of Ashley Madison and Sony, the entry point may have been more sophisticated or even involved a rogue insider, but access to unencrypted data, either in the database itself or in files stored by employees containing clear text passwords, led to the breach having far-reaching consequences.
So here’s what you can do to get some quick wins:
- Improve the overall security awareness of your employees. Our modular awareness programmes can be tailored from a 30-minute “lunch and learn” to full day events, helping people to recognise the threats they face both in their personal lives and at work. They will leave armed with a practical set of tips to reduce both the likelihood and impact of a future security breach.
- Develop your own Cyber Security Capability. By training your developers how to build in security, your QA team how to test for and exploit vulnerabilities, or your sys admins how to identify and respond to a breach, you can improve your security whilst showing commitment to your existing employees, and save money on expensive consultants. Download our free brochure to find out how our industry accredited technical training courses can help you.
- Get a basic assessment such as Cyber Essentials. These assessments will only cover the fundamentals, but the self-assessment questionnaire will help you to prioritise your efforts where they can have the most impact in deterring attacks and minimising their effect.
David Grove is Head of Operations at 7Safe, PA Consulting Group’s technical security practice based at the Cambridge Cyber Development Centre, which has trained over 500 of the UK’s leading ethical hackers and digital forensics professionals.
Our Free Training Consultation will help you to determine your best move in terms of skills courses.
And if you are looking for Cyber Security services you can trust – used by Government organisations and the Police, then click through to 7Safe’s cyber pages: www.7safe.com/cyber-security-services
… before your organisation becomes the next high-profile victim of a cyber-attack.
Had a cyber-incident? Need to know who did this to you?
Concerned about the online activities of an employee?
Collecting evidence that you can take to the Police or use in civil proceedings?
Read about our Digital Forensics Investigation services: www.7safe.com/digital-investigation-services
Or speak to one of our trained advisers in complete confidence on:
0870 600 1667