It has been forty years since the first anti-virus software, Reaper, was invented, in response to the first recognized computer virus, Creeper.
Creeper was created as an experimental self-duplicating program. Its intent was not to inflict damage but to corrupt computers operating on the TENEX operating system by messing around the installed printers and catching them in a loop. Creeper was designed to assess whether a self-replicating program was possible.
Forty years on, it’s amazing to reflect on how far technology has advanced. Unfortunately, not all advancements bring benefits without associated pitfalls. The methods cybercriminals use to attack IT systems are increasingly complex and sophisticated as threat actors set their sights on monetary gains. Hackers have evolved from lone wolves creating a simple security test, to highly organised criminal groups whose primary aim is to make as much money, or cause as much destruction as possible.
Today’s hackers are determined to push the boundaries of malware and social engineering to devise new infection tactics. As a result, it is crucial that organisations remain vigilant in their efforts to keep pace with the latest criminal schemes.
This article shares three practical tips to help businesses protect against modern-day cybersecurity threats.
Defend your organisation with employee education
Employees are the first line of cyber defence for any organisation. Even with the most sophisticated cyber security software in place, technology is rendered useless if an employee clicks on a dangerous phishing link and unknowingly grants cyber criminals access to business infrastructure and confidential data. It’s like turning on a sophisticated home security alarm and double-locking your doors but leaving a window open – you’ll be left cleaning up a mess if the bad guys get in.
Empower employees with the knowledge they need to stay ahead the latest cyber risks. Security awareness training programmes provide real-time insight into the latest threats including social engineering, malware, and industry-specific compliance topics. Attack simulations are another great way to ensure employees are well-educated and they help identify if additional training is needed.
Build robust cyber resilience
The economics are clear, cybercriminals are not cutting their budgets. This means organisations must also invest adequately in their cyber resilience posture to protect against cyber threats.
There are two essential elements organisations should include in their cyber resilience plan: data security and data protection.
As well as education mentioned above, data security incorporates endpoint protection, as well as network protection such as filtering for DNS, web and email traffic. This should be underpinned by technology such as comprehensive email filtering, anti-virus protection, sensible password policies, password management, multi-factor authentication and the careful locking down of all unnecessary exposure to internet compromise.
Data protection entails automated, encrypted backup and recovery for endpoints, servers and cloud assets, to defend against ransomware, hardware failure, device loss or theft.
Together, these elements deliver end-to-end cyber resilience that keep an organizations’ data protected. And if systems or confidential data have been comprised, data security and protection technology will stop the lateral movement so that businesses can quickly recover from cyberattacks and accidental data loss.
Ensure multi-layer security is in place
A single layer of defence is not enough to sufficiently reduce an organisation’s exposure to risk. A cyber resilience plan must be multi-layered and include numerous elements of prevention, response, and the ability to quickly mitigate and recover when an attack is detected. Email security and protection; DNS (URL/IP) protection; endpoint protection; managed detection and response (MDR); endpoint, server, and cloud backup; disaster recovery; and security awareness training are all essential elements of a multi-layered approach.
In today’s hybrid work environment, multifactor authentication is essential. Regular patching and monitoring are also vital additions to the layers of defences businesses need to build. Companies also must have clearly defined security policies and procedures regarding password management.
Last year, the number of cyber-attacks and data breaches increased by 15.1% –this trend is expected to continue. As both the volume and sophistication of cyber-attacks increase, organisations need to implement robust security systems, processes, and staff training – otherwise, cyber resilience will be impossible to achieve, leaving organisations too exposed to the next wave of attacks.
