Shadow Brokers, Cloudbleed, WannaCry and then Petya. It’s been enough to make even the most unflappable executive wake up in the middle of the night in a cold sweat wondering if they are secure. This year has seen a proliferation of devastating cyberattacks. Being secure has become the top priority on the boardroom agenda.
How then do you make your organisation completely secure against cyberattacks?
No organisation can be totally secure, but you can mitigate the risk of such attacks being successful. In a layered approach to security, different defences each cover the gaps in the others’ protective capabilities. Firewalls, intrusion detection systems, malware scanners, integrity auditing procedures, local storage encryption tools and social engineering training can each help.
An easy mistake is to invest in sophisticated software but fail to address the vulnerability of your employees. Social engineering is the manipulation of people through psychological or non-technical means in order to gain access to finance, data or information, or even physical access to premises or goods.
According to ‘People Hacker’ expert, Jenny Radcliffe: “We are all at risk from malicious social engineers who would manipulate anyone they can to achieve their goals. However, company staff are especially vulnerable as they provide a good route to accessing an organisation’s information.”
Gradually the hacker gains the trust of the target and then uses that trust to get access to sensitive information such as passwords or bank account details. It’s basically a type of confidence trick for the sake of information gathering, fraud or systems access.
At the heart of mitigating this threat is education. There is a raft of free materials online that provide a good grounding in how to combat it. Events such as IP EXPO and training courses can also be considered to educate staff, spread awareness and help protect employees of all levels from people-based hacks.
The good news is that firms are investing more in security than ever before. But let’s hope this spend is focussed as much on educating staff as it is on security software and systems.