Exposed or Enclosed?
So there is lots of hysteria around cyber security at the moment. People seem to be panicking about this ‘brand new’ threat that has appeared on the scene: cybercrime. The reality is that cybercrime, or at least the principles of cybercrime, has been around for quite a while now. The only things that have changed over time are the methods of exploitation. I believe those that are in a state of hysteria are those that haven’t really spent a great deal of time looking into, or at least thinking about, cybercrime.
Cybercrime is about stealing or exploiting the control of assets, a classic example of this being ransomware. A cybercriminal will have control of something you deem valuable, and will demand remuneration, or ransom, to hand back control. Cyber security is about protecting those assets, and protecting them on a continual basis.
There may be organisations out there with minimal assets and next to no vulnerabilities, making them hard to exploit; however, it would be naive to believe that there is never a way. Finding ‘the way’ is almost the ethos of hacking. Each individual should understand that there will always be a way, and nothing on this earth should be deemed impenetrable to the well-trained cybercriminal.
Organisations face vulnerabilities in three areas
Vulnerabilities within organisations can be found in three areas: People, Process, and Technology. Every company will be able to place a confidence level on the security of each of these areas based on subjective and objective evidence.
Results from testing these are good indicators of known and unknown vulnerabilities. The real challenge with basing confidence levels on tested results is the validity and frequency of those tests. The difference between perceived security and real security relies on continual testing against the new benchmark of ‘secure’. This benchmark is moving faster than ever, and it can be seen that many companies are struggling to keep up.
In between trying to determine whether it’s best to just become a recluse and rid yourself of anything tech, I do propose a solution, and a simple one at that. Start a conversation within your teams. Ask the questions: What assets do we have? Which are most valuable? What is the best method of protecting them?
There are many vendors to choose from, but who is right for you?
The market for testing and protecting is nearing maturity, with thousands of vendors that are able to validate if you are vulnerable or not through a variety of testing methods. In terms of selecting a vendor, I may be biased to suggest that Unipart Cyber Security are up there with the best, but they really are!
Why do I claim this? Simple, they as a business are extremely close to, if not in line with, the ever-changing benchmark of security, incorporating old and new, redefining and improving their processes with each test they undertake. I have seen the outcomes of each test, and not only do they find your potential weaknesses, they provide unequivocal, bespoke, step-by-step guides on how to fix them.
The only decision you have to make when investing in cyber security is how much risk you want to take. By investing the bare minimum you are likely to leave those assets wide open to attack; however, if you invest your entire bottom line appropriately, you may be going slightly ‘over the top’ in terms of return on investment. Like all things in life, find the middle ground and do what you feel is best for your organisation. But you must ask the question now, ‘am I exposed or am I enclosed?’
Author: Johnty Mongan, Business Development Manager, Unipart Cyber Security
Johnty is Unipart Cyber Security’s Business Development Manager. With many years selling in a variety of sectors, he helps small to medium-sized organisations protect themselves from cyber crime.