The risks to your overall IT security strategy are numerous, and at times the cyber threat is greater than at others. Today we look at what to do when that happens, and at the key cyber security risks.
What is cyber security risk?
Simply put, it is the likelihood of your organisation experiencing a loss due to a cyber-attack or data breach. The loss could be financial, reputation-based or both. The loss could also affect others if their personal data falls into the hands of malicious actors, for example.
There is always a certain level of risk at any one time. Cyber threats have multiplied in recent years due to the huge global reliance placed upon computers, networks, programs and data. Data breaches are becoming commonplace and can have a devastating effect on businesses. Growth in connectivity and cloud services has also served to increase the risk of external cyber-attacks. In the past, IT risk management and access control were effective tools against these. Nowadays, however, far more sophisticated cyber security methods are required.
Cyber security risk levels
Whilst there is always an element of risk, threat levels can often be heightened. There may be an increase in hacking activity, for example, or there might be other factors involved, such as a new update being issued that is found to contain vulnerabilities.
Our advice is to maintain a robust security infrastructure as a matter of course. Infuse your organisation with a high level of cyber awareness.
What to do when the risk is high
- Check system patching (for all devices in use and for all systems)
- Verify your access controls
- Ensure defences are working (check antivirus software and firewall rules)
- Keep all logs monitored and up-to-date
- Review backups
- Implement an incident plan and update it regularly
- Check your internet footprint
- Ensure staff are aware of your phishing response
- Verify third party access
Key cyber security risks
There are 6 common types of cyber security risk:
- Nation states
- Cyber-criminals
- Hacktivists
- Insiders / service providers
- Substandard products / services
- Poor configuration of cloud services
Regardless of whether or not these apply to your organisation, know the type of data you are storing and processing. What information might you hold that could cause major disruption? Consider the following as potential targets for cyber-criminals:
- Customer / employee data
- Third / fourth party vendors
- Intellectual property
- Contract terms and pricing
- Strategic planning
- Financial data
If you require further guidance with cyber security, CRIBB can help.