Whilst no-one can prevent a cyber intrusion, the right cyber defences will massively alter the chance of one happening.
Cybersecurity can often seem a frightening risk, as though breaking in anywhere requires incredible, almost magical, hacking skills. In reality, the vast majority of successful cyber-attacks today still come down to basic errors in the configuration and operation of systems, including:
- The failure to patch systems and software
- Poor network configuration
- Poor credentials
Mitigating the effects of an attack
With sufficient money and resources, you can just about break into anything, but good cyber defences will also mitigate the impact such an intrusion will have on your business when it does happen. If it is harder to break in, if it takes longer to pivot from system to system, and if the exfiltration of data is more challenging, it follows that there is a greater chance of successful and early detection. None of these factors will be in place by default in your network.
It’s the law
With GDPR (General Data Protection Regulation) in force from May 25th 2018, existing best practice on data security is now written into law. It won’t require every business to become ISO27001 compliant; it will require only basic controls to be in place. Examples of these include:
- A secure connection to the Internet
- Secured devices and software
- Controlled access to data and services
- Protection from malware
- Devices and software supported and kept up to date
As well as your internal network, you should include endpoints – otherwise you could be missing out a large part of your business.