Imago Techmedia Ltd is registered in England and Wales under Company No. 04865455. VAT No. GB 843 8456 01
Registered Office: Bedford House, Fulham Green, 69-79 Fulham High Street, London, SW6 3JW, United Kingdom
Business Address: Imago Techmedia, 2C Bedford House, Fulham Green, 69-79 Fulham High Street, London, SW6 3JW, United Kingdom
Imago Techmedia is a subsidiary of Clarion Events Limited
Is it possible to have a 100% secure organisation?
Thursday 24 August 2017
Shadow Brokers, Cloudbleed, WannaCry and then Petya. It’s been enough to make even the most unflappable executive wake up in the middle of the night in a cold sweat. This year has seen a proliferation of devastating cyberattacks. Security has rocketed to the top of the Boardroom agenda.
How then do you make your organisation completely secure against cyber attacks?
No organisation can be totally secure but you can mitigate the risk of such attacks being successful. A layered approach to security harnessing different defences can cover the gaps in the others' protective capabilities. Firewalls, intrusion detection systems, malware scanners, integrity auditing procedures, local storage encryption tools and social engineering training can each help.
An easy mistake is that you invest in sophisticated software but fail to address the vulnerability of your employees. Social engineering is the manipulation of people through psychological or non-technical means, in order to gain access to finance, data, information or even physical access to premises or goods.
According to ‘People Hacker’ expert, Jenny Radcliffe: “We are all at risk from malicious social engineers who would manipulate anyone they can to achieve their goals. However, company staff are especially vulnerable as they provide a good route to accessing an organisation’s information.”
Gradually the hacker gains the trust of the target and then uses that trust to get access to sensitive information like password or bank account details. It’s basically a type of confidence trick for the sake of information gathering, fraud or systems access.
At the heart of mitigating this threat is education. There is a raft of free materials online that provide a good grounding in how to combat it. Events such as IP EXPO and training courses can also be considered to educate staff, spread awareness and help protect employees of all levels from people based hacks.
The good news is that firms are investing more in security than ever before. But let’s hope this spend is focused as much on educating staff as it is on security software and systems.