In Focus Risk


Cyber security readiness: from within and without


Is your own internal readiness actually more important than external defences?


Raza Muhammad, University of Central Lancashire, RMuhammad@uclan.ac.uk
Mahmood Shah, Senior Lecturer, Coventry University, ac3559@coventry.ac.uk


Cyber-security assurance is a challenging issue for most organisations that face online fraud and cyber attacks, including data breaches, identity theft, hacking, cyber vandalism, dissemination of viruses, and denial-of-service attacks. Beyond these, cyber criminals use techniques such as spamming, phishing, malicious code, and network intrusion to commit cybercrimes. Such attacks are increasing daily with the advancement of technology, and they result mainly from both accidental and intentional misuse by authorised users.

Many organisations are aware of external threats and use common security measures, such as firewalls, intrusion detection and prevention systems, and software-security packages. Help from third parties is also available for external penetration testing, but internal security readiness is still a major problem. This is because of a markedly low level of awareness and education, which contributes to a lack of understanding of how insufficient cyber-security measures threaten a business. For instance, users' reckless behaviour towards security controls within organisations, such as sharing passwords and opening unknown e-mails and attachments, is the most common cause of security breaches. These actions open the doors for attackers, and as a result organisations remain under threat from hackers and cyber criminals.

Internal readiness also includes having proper policies and procedures, as well as well-rehearsed action plans, which ensure that the organisation is proactive in building cyber defences and can deal with breaches when they do happen. Most organisations are not well prepared


for any of these cyber-security measures. Therefore, there is a need to address not only the technical measures that combat these attacks, but also to consider thoroughly the organisational readiness needed to handle cyber-security incidents. Organisations should therefore develop and implement good security policies, build the capacity to deal with these threats proactively, and have procedures in place to limit the damage when they are breached. In addition, they need to spread cyber-security awareness among staff members so that they do not fall prey to phishing attacks.


All perspectives

Hence, an organisation must address the technical, organisational, and human perspectives together to reduce the impact of cyber-security incidents. Organisations should consider information-security management standards, such as ISO 27001, when developing security policies and procedures, and ensure that security processes and procedures are in place. These policies and procedures must be


easy to understand and implementable, and compliance with them should be enforced in order to manage insider threats. There should be proper and timely audits of system assets and vulnerabilities. For auditing of ICT infrastructure, organisations should not depend on third parties, because of the potential for information leakage. Organisations should build effective security-monitoring systems and limit the use of personal devices that are connected to the network, particularly as they look towards the 'internet of things'. They should focus on governance, for example risk management, recovery and continuity plans, and security incident and event management.

Moreover, they should build a security culture within the organisation by raising staff awareness through training programmes, to reduce the impact of insider threats. Information about information-security breaches and their trends should be shared between co-workers and management, and organisations should share information on cyber threats with each other to prevent future security incidents. Security personnel should be kept up to date by giving them the opportunity to attend the latest courses on information security. CCR


www.CCRMagazine.co.uk, January 2018

