John Edwards, the UK Information Commissioner, has recently stated: “the biggest cyber risk businesses face is not from hackers outside of their company but from complacency within their company”. How true.
SMBs are increasingly exposed via their cloud infrastructure, with over half experiencing an increase in the volume (56%) and complexity (59%) of attacks over the past year, according to Sophos. The retail sector has proven especially vulnerable. Trustwave reports that retail is on the receiving end of 24% of all cyber attacks, more than any other industry.
Cyber crime’s prevalence and costs are significant and the need for vigilant cyber security measures is paramount. The emergence of intelligent networks made up of many interconnected devices across a range of sectors has created a whole new world of vulnerabilities for cyber criminals to exploit.
Implementing and managing robust cyber security measures to strengthen existing cyber security capabilities makes such a difference.
Interestingly, victims of a cyber attack often suffer another one in the following 12 to 24 months. In these cases, companies have not thoroughly analysed the dynamics of the attack, cannot ensure that the threat actor is not still in the company’s systems, and have not taken corrective actions to remedy the attack.
If you haven’t come across the Center for Internet Security (CIS) before, it is a free resource providing more than 100 configuration guidelines across 25+ vendor product families to safeguard systems against today’s evolving cyber threats. Whether you use it to map against the NCSC Cyber Assessment Framework or the Cyber Essentials standard, it is a very useful resource.