search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Security


help hackers to identify weak links, such as legacy accounts that do not have MFA. Te exploitation of one small vulnerability in some cases can lead threat actors gaining access to a business’s entire corporate system. In the age of AI, IT leaders cannot


forget these basic information security features, that can result in successful breaches even in cases where more complex and sophisticated defences are in place. Employees also have a part to play,


as the first line of defence. Businesses need to ensure frequent, clear communication around cybersecurity basics - especially in hybrid working scenarios, where the distance between the office and actual workplace can inspire security apathy in remote workers or result in more complex security strategies needing to be in place as visibility becomes a greater challenge.


Knowing your risk profile Knowing where, what, and how much data you store is crucial to identifying vulnerabilities and restoring operations in the event of a security incident. As all businesses are likely to suffer an attack, this knowledge is vital to responding at speed, protecting data and systems and safeguarding business critical operations. Without a basic understanding of the data at risk, businesses will not be able to effectively respond. Likewise, an access management strategy should be in place at all times. Maintaining up-to-date records around who can access documents is an ongoing challenge faced by ITDMs. But oſten, it is these human elements which can alert security professionals in the event of a breach. Businesses should begin by enabling MFA and working to


zero-trust principles, introducing centralised logins, and enabling access to be cross-referenced and integrated with physical authenticity checks.


Understanding the role of emerging technology While every year we hear of new, large-scale and successful cyberattacks, the truth is that very few are actually ‘new’. Despite the adoption of emerging technologies by businesses and threat actors alike, cyber criminals are still ultimately relying on proven methods to breach systems and steal valuable business data. AI tools have the potential to become a weapon in


cybercriminals’ arsenals. Inexpensive AI can generate convincing phishing emails and even realistic voiceovers for calls, enhancing the effectiveness of scams. However, whilst this potential exists, many criminals are not yet exploiting it as they don’t need to. Te current techniques work perfectly well and so AI is not yet being used by significant numbers of threat actors. While AI enhances the sophistication of cyberattacks, the


underlying vulnerabilities remain the same. Tese attacks oſten exploit well-known security weaknesses. Tis underscores the importance of maintaining strong cybersecurity hygiene as a fundamental defence. As businesses continue to facilitate hybrid


www.pcr-online.biz


working, the ongoing reliance on digital communication channels makes the potential threat of AI enhanced phishing attacks particularly acute. Educating staff around the use


of emerging technologies to create phishing links in staff emails, or to target inadequately patched soſtware, can be a good first step to protecting business infrastructure from these attacks. In the future, emerging technologies


like automation and AI can enhance cybersecurity by streamlining processes


and strengthening defences. However, the fundamentals of cybersecurity will remain crucial for a robust strategy.


Creating a culture of openness In the event of a security breach, many people report feelings of shame. Businesses also worry for their reputations – fearing the consequences of a data breach negatively impact their standing amongst partners and customers. Tis can inevitably lead to a culture of secrecy, where successful


attacks are suffered, and dealt with, in the dark. But relying on silence only benefits one section of society, and those are the attackers themselves. Adopting a zero-blame culture where employees are rewarded


for reporting issues as early as they possibly can, without fear of reprisal, enables business to quickly respond to attacks and has been shown to significantly improve the efficacy of an awareness programme. Likewise, when an organisation suffers an attack, a culture of openness should allow them to share their learnings and allow others to further protect themselves.


Preparing for an attack, ensuring a response Treat actors will find and exploit any vulnerabilities to gain access to an organisation’s systems – from any time, at any level. Tat’s why establishing the basics of cyber resilience is so important. Acting fast to patch issues can prevent attackers from accessing systems using known weak spots. Educating staff can reduce the likelihood of human error which could introduce malware into business systems. And an up-to-date access management strategy can help to identify suspicious activity before data is lost. Te most effective way you can prepare for an attack and ensure


an effective response is to simulate and run tabletop exercises with your senior leadership team and IT teams to take them through what will happen in a cyber-attack. To paraphrase the first paragraph of this article “it’s not a matter of if, it’s a matter of when” - therefore preparing for the inevitable attack and making sure that you have all of the tools and processes in place before the attack occurs is the direction that companies should adopt. Tese are not complex security requirements; they are the basics.


But in the age of AI and emerging technologies, it is important that we don’t lose sight of the fact that fortifying security basics and ensuring good cyber hygiene can actually protect organisations from the majority of attacks.


November/December 2024 | 45


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64