A company’s know-how is one of its most valuable assets. The customer information that the company possesses is just as important. The loss or leaking of said information may represent a serious economic threat to the company and its image.
Furthermore, cybercrimes are now considered more lucrative than drug or arms trafficking.
We all know ...
“The largest cyber-attack in 10 years blocks access to websites such as CNN, Yammer, New York Times, PayPal and Twitter”
“Pen-drives with viruses are handed out at the door of an important company”
“Mass attack on Endesa customers with fake invoices. Cyber criminals attempt to get the recipients to open their emails, which allows them to infiltrate a virus that blocks their personal files.”
“The United States imposes sanctions on Russia for cyber-attacks launched during the elections.”
“Thousands of companies (and their customers) are endangered after a mass ‘ransomware’ attack”
On the other hand, platforms such as the Internet of Things, Big Data, Machine Learning and, of course, Cloud technology broaden the perimeter of a company’s cybersecurity, and as such, cybersecurity strategies are needed in order to address Digital Transformation without putting any of the company’s information assets at risk.
To create a Cyber Security Plan that protects confidentiality, integrity and availability, the principal cyber security issues (ISO 27000, NIST-800), follow these steps:
What type of controls have to be implemented to keep the services secure? The recommendation is to apply what is known as “defence in depth”: applying several security layers to the same element, and dividing the network into various segments to make it even more complicated to access information:
Some of the security measures that can be established on each layer are:
However, to avoid the loss or leaking of any information, or to avoid being the victims of a cyber-attack, merely having powerful security systems is not enough, as each person who has access to the network is a potential point of attack for cybercriminals. The weakest link in a company’s security system is people.
Nowadays, most attacks are launched by using Social Engineering. Attackers benefit from the trust of the users, relying on these basic premises:
There is no doubt that without a suitable USER AWARENESS PLAN, even the most powerful security systems are worthless.
And if all that does not work? Well, suitable procedures will need to be implemented for the early detection of security incidents, as well as for rapid response and the recovery of any damaged services.