The pressure is on, regardless the security maturity level of any organization.
After an incredibly year for security incidents, intrusions and data loss, it is obvious that cybercrime have advantage. Hackers are operating with different requirements and motivations, and employing increasingly sophisticated techniques.
According to Cyber Threat Report Yearbook, the number of successful cyber-attacks on business of all sizes, during the four-year period between 2010 and 2014, increased by 144% and the cost of cyber crime per company increased by 95%.
However, even with these numbers, there is a false sense of security, probably explained because the impact that media headlines gave to companies like Sony, Apple, EBay, Microsoft, giving the idea that SMEs are not an attractive target for cyber criminals.
But when it comes to cybercrime every company is at risk, if it is clear to everyone that what is valuable to cyber criminals is information, such as personally identifiable information (PII) and Intellectual Property (IP), for example ID numbers, financial records, medical records, educational records, employment information, business secrets, competitive campaigns, personal information, passwords and PINs. So, every data that can be extracted and be lucrative is a target.
2015 Security Pressures Report refers that 54% of IT and security professionals felt more pressure to secure their organisations in 2014, and 57% expect to experience more pressure to secure their organisation in 2015. And they have reasons for that.
The results of the Cyber Threat Report show that, between 2013 and 2104:
- Emails containing Malware increased 50%
- Malware URLs increased 159%
- Zero-hour Malware Detection increased 60%
- Phishing URLs increased 233%
- Mobile Malware targeting Android Devices increased 61%
So, what are the options? The Security Pressures Report makes seven recommendations for Information Security Professionals:
- Accept that everyone, including you, is at risk: Operating under the belief that breaches are inevitable allows security professionals to better prepare their strategy;
- Acknowledge that outsiders and insiders can equally hurt you: Attacks waged by outside adversaries attract the most headlines, but threats posed by insiders can be as destructive;
- Turn to advanced solutions: Companies must turn to more advanced threat management solutions, such as next-generation SIEMs, file-integrity monitoring and anti-malware gateways;
- Think security first: Automated vulnerability scanning, ongoing and in-depth penetration testing and web application firewall deployment can help keep reduce the risks;
- Narrow the disconnect between the security group and senior management: Organisations that deploy strong IT governance, in which security-conscious leaders regularly communicate and collaborate with those responsible for security and ensure priorities are being met, are less likely to experience damaging breaches;
- Embrace the revolution: Companies must recognise the exploding risk potential of disruptive and emerging technologies, assess them for vulnerabilities and deploy security controls such as network access control, data loss prevention and encryption;
- Accept a helping hand: There is no shame in turning to an outside partner for help on threat, vulnerability and compliance management.
And we can help you.
ISO 27001 helps you to implement an holistic Information Security System, support by required controls, that allows your company to be better prepared and less vulnerable to cyber threat attacks. Policies, processes, procedures, roles, responsibilities, authorities among others, will make part of the solution for fighting against cyber threats.
COBIT 5 for Information Security, for Cyber Security (using NIST CSF) and for Risk, integrates both business and IT functional responsibilities, providing a clear distinction between information security governance and information security management practices, bringing and holistic guidance on information, structures, culture, policies and their interdependence, improving the global security of your organisation and the risk management.
Ethical Hacking Techniques helps you to understand the hacking approach, techniques, tools used to assess the vulnerabilities of the organization in such a way that can be mitigated or eliminated. Understand how an hacker can attack an organization, is the first step to know how to implement or improve the security measures in place.