As a secure cloud provider, we don’t just protect our clients from cyber security threats – it’s essential that we protect our business and our people, too. What are the lessons your organisation can learn from how Six Degrees stays up-to-date with cyber security threats?
The volume, variety and sophistication of cyber security threats continue to increase significantly, and organisations are under constant threat of data loss and disruption from security breaches. According to the UK Government’s Cyber Security Breaches Survey 2021, at least 85% of medium and large organisations have suffered from phishing incidents, 56% were impersonated, and 14% have been subject to malware including ransomware.
At Six Degrees, we enable organisations to strengthen their cyber security postures to protect them from current and future threats. Through our UK-based Cyber Security Operations Centre (CSOC), we monitor and analyse the latest threats and supply guidance on how organisations can prevent threats from escalating and affecting their business.
It’s fair to say that in our time as a secure cloud provider we’ve learned a thing or two about how to stay up-to-date with cyber security threats. In this blog, we’ll impart some of the lessons we’ve learned.
Know Your Enemy: How Hackers Target You
In order to stay up-to-date with cyber security threats, you need to know your enemy – how hackers are targeting you and organisations like yours. Irrespective of the size of your organisation or what industry you are in, there are three key cyber security threats that all organisations face today:
Phishing
Phishing emails are sent by hackers, and pretend to be from someone you trust like your bank or your local council. Their goal is to convince you to do something they can use to their advantage, such as click on a link to a malicious website or provide login and other personal details. Phishing emails are one of the main methods hackers use to deploy ransomware and business email compromise attacks.
Business Email Compromise Attacks
Business email compromise attacks target employees within an organisation by sending spoof emails which fraudulently represent senior colleagues or trusted clients. The emails use social engineering techniques to issue illicit instructions, such as approving payments to hackers’ bank accounts or releasing confidential client data that can be leaked on the Dark Web.
Ransomware
Ransomware’s primary aim is to extort money from organisations and individuals who are infected. It achieves this by encrypting files that are saved locally and on shared drives connected to affected machines, rendering them unusable, and then threatening to leak stolen confidential information onto the public internet. Once files have been encrypted, the user is notified and asked to pay money, typically in cryptocurrency, to obtain a key that will decrypt the files.
Unfortunately, there is no silver bullet or easy fix when it comes to combatting these cyber-attack methods. However, at Six Degrees we believe that by taking a defence in depth approach with layered controls you can reduce risk and protect yourself and your organisation from potential threats.
Cyber Hygiene: How to Achieve Defence in Depth
Cyber hygiene refers to best practices that organisations can implement to improve their cyber security posture while engaging in day-to-day business activities. At Six Degrees we constantly monitor our cyber hygiene to ensure we remain as secure as possible.
Here are some of the most common and critical areas that we believe need to be incorporated into your ongoing management processes:
- Ensuring that routers and firewalls are installed and properly configured;
- Enforcing role-based access (‘need to know’) user permissions for authorised users;
- Ensuring that all antivirus, anti-spam, and other anti-malware protection is properly configured and – critically – that output is monitored and actioned;
- Updating all operating systems, applications, software and firmware with the latest security patches in a timely manner;
- Enforcing strong password rules and multi-factor authentication (MFA) procedures for all users;
- Ensuring that all computer networks are correctly segmented, and that those segments processing valuable data are covered by robust and tested data backup and recovery solutions.
Systems that are well-maintained are less likely to be vulnerable to cyber security risks. But although doing the basics properly is a great starting place, it does not take into consideration external factors that can significantly impact an IT environment. Digital transformation projects can introduce new risks and vulnerabilities where existing controls are no longer effective. On this basis, how do you plan for a secure future?
Adopting a comprehensive cyber security strategy enables you to improve your security posture in a controlled, efficient manner, anticipating risks and removing knee-jerk reactions. To meet this challenge, cyber security must become an ongoing, iterative process.
Adopt a Pragmatic Approach to Stay Up-to-Date with Cyber Security Threats
With cyber threats on the increase, how can you deliver more efficient protection for your organisation? The answer lies in orienting yourself and your organisation towards your objectives with a pragmatic approach. You need to:
- Accept that your organisation will not be 100% secure from cyber threats.
- Build a fluid and agile system that can respond flexibly to uncertainty, change and new information.
- Incrementally improve that system one step at a time.
This process is something we call the cyber security journey at Six Degrees. It involves a five-step iterative review process of your organisation and your cyber security capabilities — illustrated in the diagram below.
Ultimately, cyber security is a journey, not a destination. Any investment you make should be agile and flexible enough to meet both current and future demands.
Six Degrees offers the capabilities and expertise you need to ensure that your organisation is protected from the latest threats. Ready to learn more about how we can keep your organisation secure?
We recommend starting with our Aegis Cyber Security Maturity Assessment. Six Degrees conducts a comprehensive cyber security maturity and benchmarking assessment, delivered and managed in a consultant-led approach that provides you with point-in-time or ongoing visibility into your organisation’s security posture.
The Six Degrees Aegis platform will compile a detailed evaluation of your organisation’s cyber security readiness and your ability to address weaknesses, highlighting and scoring potential security gaps and making recommendations to reduce or mitigate the security risks. It draws on recognised standards and approaches including ISO/IEC 27001:2013, Cyber Essentials and NIST 800-53 to deliver a set of questions that cover a range of security domains.