Reduced costs, increased efficiency and seamless access to data are but a few of the benefits we’ve enjoyed as a result, and technological evolution shows no signs of slowing down. By 2025, the world of work will be almost unrecognisable to those who saw it at the turn of the century.
However, as technology becomes increasingly sophisticated, so too do the skills of those most likely to breach an organisation’s systems. In our efforts to defend our networks, we inadvertently encourage cyber-criminals to develop new methods to outsmart info-security professionals.
In turn, we find ourselves in an accelerating cyber arms race, outpaced, unprepared and unprotected. No matter how hard we try to keep up, hackers always seem to be one step ahead. In this rapidly evolving environment, how can info-security experts ensure they’re not always playing catch-up?
1. Actively promote awareness
If the recent string of high-profile cyber-attacks has taught us anything, it’s that it only takes one weak link in an organisation for the doors of its network to be held open for hackers to do their worst. Ultimately, there’s little point in a cybersecurity professional keeping their ear to the ground on new methods used by criminals if the knowledge is not shared throughout the business.
In order to reduce the risk of a data breach, information security specialists must actively promote awareness of common practices with each new development or reported incident. Staff training should be a given, but this is by no means a one-and-done exercise. Communicating the importance of continued learning in this area - at least at the most basic level - is something that cyber-security professionals must push to CEOs if they are to avoid an attack.
2. Test your incident response plans
Often, it takes an incident for companies to realise that they are vulnerable. While cyber-security is listed as a top priority for CEOs in 2018, many still fail to take action until it’s too late. In order to identify key pain points within the network of their organisation, an information security professional must become a master method actor; they must throw themselves fully into the mindset of a cyber-criminal and see their employer as a target.
In doing so, they gain vital insights into particular areas that need addressing: weak passwords, data sharing on mobile devices or increased use of shadow IT, for example. The best way to test a company’s security profile is to run a simulated attack: that way, you can test the responses of senior staff to determine any weak links or poor practices.
3. Improve your defence
It goes without saying that a security team needs a reliable stream of incoming intelligence, but in a landscape characterised by constant evolution, the best offence is a good defence. If there’s one aspect of cyber-crime that will never change, it’s that hackers will always seek the easiest way in. If they see an obvious entry to a network or computer, they will exploit it. If it looks to be more complicated, they may simply move on in search of their next victim.
Your aim is to ensure data protection is not just a buzzword in the business, but a core part of its strategy. By building barriers around sensitive information, you can help make your employer unattractive to opportunistic hackers.