Does cyber security need to evolve?

In Information Security, by Team Acumin / 22nd June 2015

With data breaches in 2014 affecting four in ten companies and the number of cyber attacks rising exponentially, cyber security is making its way to the top of most organisations’ agendas.

The threat posed by cyber criminals has never been greater. Whether a breach results in the loss of sensitive data, fraudulent use of personal information, or the nuisance of having to debug your network, the financial, operational and reputational consequences can be quite severe.

Cyber crime is no longer a threat posed by lone operators, but rather comprises a sophisticated network of criminals exposing vulnerabilities in cyber defences in ever-changing ways. The scale of these attacks is such that no organisation is safe, from SMEs to global blue-chip companies.

In a world where cybercrime is thriving and able to adapt quickly, the question of whether or not cyber security needs to evolve is easy to answer.

In order to stay ahead of the risks posed by the threat of cyber attacks, security professionals need to:

• recognise that no single policy will protect their network environment 100 per cent
• focus on a three-pronged defence strategy of prevention, detection and recovery
• understand the data they are accessing and use it to identify the risks
• inform senior management on the issues and ensure capital is ring-fenced for investing in security
• educate the business so that security methods are common practice in the working environment
• be prepared for a breach and ensure there is an incident response plan in place
• make sure the company’s incident response plan is kept up to date and that all areas of the business are prepared
• perform regular testing of the incident response plan
• benchmark incident response times and procedures
• allow any breaches and the subsequent recoveries to inform the business’ ongoing cyber security policies.

With a potential breach inevitable for most companies, defence must take a proactive approach, one that evolves in line with the rate at which cyber criminals are adapting to new technology.