Analysing Your internal cyber security threats & how to stop them
As IT professionals, we are heavily focused on protecting our organisations from external security threats – yet we can often forget about potential threats that lie within our own business.
In fact, a study by IBM found that 60% of cyber security breaches are the result of actions by insiders, and 15.5% of those were unintentional and originated when a worker has accidentally allowed access to the company’s infrastructure without meaning to do so.
To make matters worse, inside breaches often last longer and they’re harder to detect.
Malicious insiders having access to valuable company data and inside attacks can cause irreversible damage to your brand’s reputation and customers’ trust and cost you money.
Lack of awareness and rushing through staff on-boarding also make up the perfect context for a cyber-attack with a high probability of success.
Due to the nature of their job, a lot of employees go through dozens of emails from customers, suppliers and advertisers and manage orders through corporate or third-party applications on daily basis, without having completed necessary security training.
Cybercriminals are aware of the lack of cyber security training amongst most users and they take advantage of it through social engineering and phishing methods.
Using what seems to be legitimate-looking corporate email accounts, cyber attackers can request unsuspecting staff to send over personal information, or even make bank transfers. Although it may sound like an obvious scam, social engineering is still a common threat affecting companies.
Untrained employees may not find logging onto a social media site from a corporate network-attached device or opening an email attachment sent by genuine-looking business contact as a potential treat, but that may lead to malicious files being downloaded that can compromise your entire company’s infrastructure.
When it comes to cyber security, companies need to be proactive, and not only look for security solutions when they have been affected by an attack, but instead looking to implement measures to prevent them.
Here are some of the most important safeguard measures your company needs to take:
Personalised cyber security training
It is crucial that staff are taught how to recognise cyber threats, they are aware of the risks they entail and how to prevent those threats. Cyber security training must be tailored to the nature of your business and the specific role and responsibilities of each employee, depending on the department they are part of and the system level of access they have.
Backup copies of file
Backup copies of key files must be taken and saved to a server and uploaded to the cloud. In the worst case of ransomware attack when access to your equipment is blocked and information in encrypted, you will have a backup copies of all your files.
Implement Class Leading Managed Security Information Event Management (SIEM)
Gain a comprehensive view of internal and external cyber threats to your organisation through consolidated log events and network flow data from thousand of devices. Detect and prioritise threats amongst the mass of data including unusual employee behaviour. Combat the lack of budget, resources and skills needed to effectively manage your SIEM by implementing Citadel Threat Detect powered by IBM Qradar.
Keep operating systems up to date and use antivirus programmes to protect you against possible threats and run periodical checks in order to find and remove malware.
Ensure your employees review email attachments and never open suspicious links. Ensure any external memory drives or USB devices are also scanned before connecting them your work-network computers.
Company policies for dealing with sensitive data
Create specific policies for employees who are handling sensitive data about your company or your customers and ensure all activities are compliant with the GDPR regulation currently in place.
Protocol of action for suspected security breach
Create an action protocol that any of your employees can follow if they suspect a cyber-attack. Your staff needs to know who they can contact when there isn't an obvious security breach, but they suspect that they have opened an email containing malicious file and ensure that hasn’t had damaging consequences or has led to the theft of sensible information.
Are you looking to learn more about overcoming your internal cyber security threats?
Download our latest eBook today and discover what you can do today to ensure your internal network remains secure.