Making cyber security simple

April 2, 2019

Cyber division director David Johnson heads up Communicate PLC’s 24/7/365 UK-based Security Operations Centre (SOC). Here, he shares his expertise on cyber security.

Why is cyber security important?

Cyber security is a complex beast; however, most breaches Communicate deal with, as part of our incident response, have commonalities. Over 95 per cent of the suspected breaches could be avoided if companies covered two basic but essential tasks regularly; more on that later.

Non-ethical hackers take advantage of weak systems to build credibility among peers or to steal information of value. A breach or attack can disrupt your business operations, causing issues with cash flow and the costs associated with eradication of the attack. Then there is the potential of huge fines and reputational damage.

How can I keep up with emerging/common threats?

Being part of local cyber security groups, such as Dynamo North East and CSIPC, is a great way to learn about what others are doing and to share information to understand the latest threats. Having a dedicated internal team looking after cyber security is essential. A common reason businesses get hacked is cyber security not being managed by a specialist.

Having dedicated skilled support ensures you don’t waste money on the wrong technology, which causes many of the incidents we see.

What are the latest cyber security trends?

We are seeing an increase in attacks using weaknesses in humans. Social engineering is the act of tricking someone into divulging confidential information or taking action, usually through technology like a phishing attack or social media. In recent years we are also seeing social engineering attacks overtake technical hacking. One of the most recent breaches we worked on was from a director who put his holiday on LinkedIn. This was seen by a hacker who sent emails pretending to be him, claiming he had forgotten to pay an account of the company’s, after the hacker had researched and found a list of clients on a stock market document. This caused a loss of over £50,000. Training staff to be aware of phishing attacks is of huge importance, as is, in this case, having a process in place to stop payments to new accounts being authorised over an email; this catches out hundreds of companies every month.

What are the essentials you recommend?

As I mentioned earlier, there are two basic essentials many companies fail at, which you should do if you want to reduce the risk of a breach.

• Patch as often as you can. We know that over 80 per cent of incidents we investigate used weaknesses that had associated fixes in the form of patches or updates.
• Use a vulnerability scan to detect weaknesses in your systems and applications. There are many tools available or you can buy a managed service.

What’s the cost of cyber security?

Cyber security is an investment. Starting with the basics, which can cost very little, reduces your risk of a breach significantly. I would focus on these elements – in this order – patching, vulnerability scanning (weekly), internal training and encryption of devices leaving the office.

I suspect a breach, what now?

The first step is containment, then eradication and finally recovery. If you do not have the skills in-house, get an expert. Many companies wait for days or even weeks to see if they can resolve it themselves. If you’re unsure of the damage, gather as much evidence as you can of what has happened and seek help from an expert.

Communicate Technology PLC
Communicate Technology PLC provides IT, telecoms and cyber security products and services to businesses across the UK and Europe.
For more advice on cyber security, contact the team on: 01274 396629
cyber@communicateplc.com
www.communicateplc.com
@CommunicatePLC
