Cyber security
It's time to stop being confused about cyber security
Grant Barnes, Threat and Vulnerability Manager at Cantium Business Solutions, explains how a shift in mindset from feeling like a victim of cyber-attacks to being a proactive defender of our digital assets can help raise our educational awareness of cyber security threats.
The public sector manages vital infrastructure, making it a high-value target for cyber criminals. A cyber security breach can have far-reaching consequences, including compromised national security, disrupted public services, financial losses, and a decline in citizen trust.
So, it is understandable that public sector organizations and teams can feel vulnerable even before an issue has occurred.
How can we shift the mindset from victim to proactive defender?
From my experience, it's through acknowledgement and understanding. It's OK as an individual and even as an organization to be confused about cyber security. We see endless headlines about data breaches and hackers, and we hear changing and conflicting advice about what we should and shouldn't be doing, all while technology and cyber risks are evolving.
How To Navigate This?
To navigate this, it is important to have a security team, whether internal or third party, who can explain your organisation's exposure clearly. This is where you need not be afraid to say that you do not understand. Your professionals can explain in a way that works for you as an individual. They can compare the situation to common themes or other areas of business and consider not just the impact but also the probability.
Not all hackers wear hoods:
Common misconceptions widely reported and shared online have contributed to the confusion around cyber. The biggest one in my experience is that a cyber-attack is usually initiated by a hooded individual in a dark room, furiously tapping away at his keyboard and performing incredibly complex software coding. In reality, what tends to occur is that sensitive details are listed on the dark web for sale. Someone takes the opportunity to purchase these details and then tries their luck to see if anyone is using the same password for multiple services. No real hacking is involved in gaining an entry point to your infrastructure; it is just a manipulation of human psychology.
Main Challenges:
The main challenge teams face when it comes to admitting their defences fell short is the financial implications. Customer perception of the business may change and could result in a reduction in revenue. There could be fines from the Information Commissioner's Office (ICO). There could also be further investments required to now react to and bolster cyber defences.
Managing fear and uncertainty:
Education and awareness can help reduce the stigma associated with cybercrime and breaches. Cyber security teams as a whole are responsible not only for the defense of the organization but also for being the source of truth.
It is our responsibility as a team to escalate the correct risks for acknowledgement and decision-making, but also to assure organizations that the day-to-day operations can react too.
Explaining With An Example
A CEO who reads about a Check Point 0-day attack, knowing the business uses Check Point products, should be aware that his team receives a weekly executive security report. There are processes and procedures in place to react to 0-days, so he can be confident in reviewing the executive security report to address any concerns and to understand whether more information on the risk is needed.
National Cyber Security Centre (NCSC) In The UK
In the UK we are lucky to have the National Cyber Security Centre (NCSC), a public-facing entity of GCHQ, the UK's intelligence, security, and cyber agency, which actively works with organizations to bring awareness to this issue and to help businesses react and navigate incident response as well as best practices.
As well as this fantastic resource, there are proactive steps individuals and organizations can take to reduce their vulnerability to cyber-attacks before they occur. This comes back to acknowledgement and education. We need to move away from cyber security being a complex and hard-to-navigate area.
Here is what we need to focus on to improve our awareness:
Education on phishing and what ALL your corporate login pages look like.
Protection
Protections on email systems and changing email habits; education on why we should pause before sending and run through a security checklist.
Investment
Very importantly, invest in your cyber defense tooling, and understand your exposure and the steps you need to take as an organization to protect citizen or customer data.
Fail to plan and you plan to fail:
There are potential long-term consequences for departments that delay investing in cybersecurity until after experiencing a breach, particularly in terms of reputational damage.
Lack Of Trust
For public services, one of the worst-case scenarios is a lack of trust. You’ll see your relationships with your end users quickly disappear and your organization will soon be viewed in a negative light.
And this is just the worst-case scenario for the service itself. If you are an executive responsible for the posture of the service, or you are an employee working for this organization, you are then met with negative bias in interviews or other developmental opportunities.
Need for a professional security team:
While cyber threats continue to evolve, we are also constantly learning about new ways to protect our digital assets. So the only way we are going to combat future attacks is through education and awareness, and that support will come from your professional security team.

Informative article,
Informative blog