Over the years, technological developments have advanced rapidly, providing large areas of opportunity and new sources of efficiency for enterprises, no matter how small or large they are.
However, those same opportunities also bring new threats. Cyber security is defined as the protection of data, networks, and systems in cyberspace, and it is, or should be, a critical issue for every enterprise.
As more and more devices are connected to the internet, cyber security will become ever more important.
Some of the threats faced by the enterprise are:
- Cyber Crime – usually conducted by organized groups or individuals who are focused on stealing data or money, or on causing a measure of disruption. Cybercrime takes a number of different forms, including the theft of intellectual property and credit and debit card data, or disrupting how a service or website works.
- Cyber War – espionage and sabotage carried out by a nation state against other nation states to steal data or cause large-scale disruption.
- Cyber Terror – usually carried out by an independent organization, not connected to a nation state, that conducts terrorist activities through cyberspace.
Some enterprises are more at risk of cyber war or cyber terror than others, such as governments, high-profile institutions and those that work within the critical infrastructure of the nation.
Other than those, most companies will never have to consider the implications of cyber war or cyber terrorism.
How Cyber Criminals Attack
The cyber criminal tends to act from a remote location using any one of a number of different attack methods, all of which come under the term “malware”.
Briefly, these are viruses, worms, spyware, adware, and Trojans, all of which are designed to disrupt service through modification or corruption of files, theft of data and files, damage to networks, and collection of personal information for malicious purposes.
An enterprise cyber security policy should be directly proportional to the risks that the individual enterprise faces and should also be drawn up after a risk assessment has been carried out.
All enterprises will face one of two different types of cyber-attack, which they must be prepared for:
- They will be attacked deliberately because they are a high-profile enterprise and would appear to hold data that could be valuable, or there may be another benefit to the attacker in a public attack.
- They will be subjected to an opportunist attack because a scan will detect vulnerabilities that can be exploited. Pretty much any entity that relies on the internet will have these vulnerabilities unless they have undergone strict testing and have been secured.
Cyber criminals don’t discriminate. If there is a weakness, they will attempt to exploit it.
Because of this, all enterprises have to fully understand the threats that they face and implement safeguards against them. Those safeguards include:
- Install a firewall
- Set up an access control list that allows you to monitor who has access to what systems
- Change the Point of Sale system default password
- Establish which employees have access to business information and establish their roles and responsibilities
- Establish social media and internet usage policies
- Use a professional web-filter
- Have internet security installed on every computer and device in the enterprise
- Be cautious about the security of peer-to-peer sites if your company uses them
- Keep all your most business critical data stored offline
- Make sure you have insurance that covers cybercrime