Cyber security is becoming higher and higher on the boardroom agenda. As more things move online, threats increase and the internet becomes a useful yet dangerous place for business.
UK firms are now uping their cyber security game and investing more and more into security appliances. So if this is the case, why are they not becoming more cyber resiliant?
We go through the five most common mistakes we've seen UK firms make and how to retify to make yours the most secure in the business.
1. The inability to contain threats.
Most businesses we encouter invest in cyber defence. When asked, the vast majority are confident in their ability to prevent cyber attacks. By employing technology to detect an incoming attack, a recent survey by Ponemon found that almost half of respondants where confident in preventing cyber attacks.
Despite the confidence of fending off an attack, the results are much lower when asked how confident they felt in containing attacks.
This lack of confidence in containment resonates with the defence technology being deployed. Most firms, as the results show, focus on defence. This leaves them vunerable when it comes to threats that make it past those defences.
Assuming you are running a reputable, next-generation appliance, the main reason a threat is going to get through is down to it being unknown to the device. Without knowing what it is, the device dosen't regonise it as a vunerabilty and will welcome it into your network with open arms, unable to contain the threat.
This can and does happen and firms are helpless. To avoid this happening to you, you need to choose a device that can quarentine unknown, potential threats.
Products like SonicWALL provide sandbox features with their firewalls. In one product, the device defends, protect and contains anything that has even a slight possiblity of being damaging to your system.
The multi-engine sandbox isolates and quarentines bother threats and unknown files and containes them until you tell it otherwise.
2. No plan/objectives
The number of companies in the UK without an incident response plan has decrease in the past year, but is still an issue for many firms out there. A business would never operate without a fire saftey and emergency plan, but so many are happy to go without a incidence response plan.
Without an incidence response please, your organisation will struggle to follow correct protocol to contain the threat, essentially making the breach much worse in the best case scenario. In the worst case, you could not detect the attack all together.
Although we recomend contacting a professional to asses your business and create an in-depth respose plan. Firms can create their own by including the six phases of the plan:
6. Lessons learned
Studies show that by incorating this into a network security strategy, it will make a significant difference in the ability to achieve high cyber resilience.
3. Off-the-shelf products
Another hardware issue comes with out of the box products. Since next-generation devices have been at hand, products bought straight from the shelf are equally (sometimes more) effective than custom built componants that protect your systems.
The issue here is that many firms think it is a simple case on plus in and go. It's not. But the good news is that this is a simple one to fix. Firmware.
It should second nature in an IT department to reguarly check for and update any and all firmware. By alloting time each day/week to do these checks is an easy and sure fire way to avoid threats and become more resilient by keeping your devices up-to-date with emerging threats.
4. Complicated/complex processes
Something that effects 46% of UK businesses is having complex business and IT processes.
'We have an app for that'. With IoT, always on devices and mobile devices, there's more things than ever to keep an eye on.
IT system administrators have never been spread to finely. So why not make their job easier.
The best way to lessen the load and make a complex system simpler is to lessen the number of processes.
By starting with your network defence, look for something which incorporates many things in one product.
SonicWALL now offers a firewall, anti-virus, anti-malware, host intrusion detection as well as an array of montioring programs. Once the device is set-up, everything can be manged by one simple program, GMS.
5. Lack of training and staffing
This one is last but possibly the most important. You can have the most advanced cyber security technology in the world but at the end of the day it's the people using your network everyday that are you biggest threat.
Due to new forms of cyber attack, employees and innocently the biggest threat to your system now.
The new strain of spearfishing attacks coxes employees into giving out senstive inforamtion and even worse, large sums of money, to crimiinals posing as someone else.
The best way to protect against this is to ensure your employees are in the know and well trained in these kind of attacks.
It can be as simple as creating awareness around the topic and making it a talking point. Without effecting too much of normal business, this brings up the subject and keeps it on the mind of staff members.
Overall UK companies are regonising the importance of becoming cyber resiliant. Incresingly more businesses are investing,planning and improving employee knowledge and skills to make them high-performing organisations in cyber security.