The most effective way of protecting your business against cyber-attacks is to be vigilant and empower your staff through appropriate cyber-security training. Noel Comerford explains.
Cybercrime has seen unprecedented growth in both impact and sophistication over the last few years, and as the crisis in Ukraine continues, the cyber threat landscape is getting blurrier. Even before these increased threats, Irish organisations across public and private sectors were vulnerable, as we saw in May 2021 when the HSE was the victim of a cyber-attack.
The European Central Bank and the Irish Central Bank have put businesses on high alert. While the National Cyber Security Centre assesses the current cyber threat as low, it highlights the potential for escalation. There is not only a risk of direct attack, but also a secondary risk of contagion, or secondary impact, from criminal actors reusing cyber warfare tools and techniques.
Cyber criminals are seizing opportunities to interfere, and businesses must remain vigilant as the threats may soon become a reality.
If you’re responsible for keeping your organisation secure, you already know that no organisation – regardless of size or industry – is immune from attack. When an incident occurs, it can quickly escalate, leading to high-profile media attention, financial losses, operational disruption, increased regulatory scrutiny, and damage to customer loyalty and investor confidence.
Having a cyber incident response plan is the first step, but for the plan to be effective it must be tested across the organisation, involving all relevant stakeholders and focusing on key business processes and systems. It’s no longer the sole responsibility of the CTO, CFO, CSO or even the IT manager to protect against attacks.
So, what else can you do to improve your organisation’s resilience to potential cyber-attacks?
Educate your people – Human error is often regarded as the main cause of cyber security incidents. Educating your people on simple steps they can take to protect against attacks is crucial. These include:
not opening suspicious emails;
avoiding unsolicited links in emails;
using secure file sharing solutions; and
supporting people in understanding their role in cyber defence and how to report suspicious behaviour.
Secure your processes – As cyber criminals become more sophisticated, it’s paramount to ensure your systems and processes give the highest possible protection. You can do this by:
ensuring all remote access to your systems requires multi-factor authentication, and all cloud services are correctly and securely configured;
ensuring all software vulnerabilities are patched, especially those known to be exploited in the wild;
if working with Ukrainian organisations, taking extra care to monitor and inspect traffic to and from these parties; and
ensuring availability of those in key cyber response roles in case of emergency.
Understand your risks – Although every industry has its sectoral nuances, the widespread risks are often similar. Understanding where your vulnerabilities lie will help ensure you have the best protection:
take the time to understand the threats and the exposure that may be unique to your organisation;
if operating in the financial services sector, check your SWIFT security;
look for and report on anomalous behaviour in your network; and
use anti-virus and anti-malware solutions.
While government, financial services, energy and critical infrastructure sectors are currently most at risk because of the situation in Ukraine, the threat is heightened for all industries.
As the risks across the landscape increase, it’s crucial to adopt a heightened security posture and actively design, review and test crisis and backup plans. Staying up to date with news on cyber-attacks and how they are evolving can help you adapt your approach accordingly.
Finally, empowering employees to understand their risks and take an active role in preventing them will help keep your organisation secure.
Noel Comerford is a Director in the Risk Advisory practice at Deloitte Ireland.