Not long ago, malware and other viruses were nothing more than occasional mild annoyances, but cyber crime has become big business in the past few years. With the majority of organisations across the world now relying on the Internet, criminals have taken advantage.
With more people to target, and more tools at their disposal, criminal hackers have reshaped the cyber security landscape in the past decade. As a result, organisations’ cyber security defences need to be more complex and broad than ever, taking into account technological vulnerabilities and the people who use that technology.
Ransomware is a prime example of this phenomenon. Such attacks have a technological component – the malware – but are most often spread through social engineering. According to a study from network security firm PhishMe, ransomware is delivered by 97% of phishing emails.
How can you keep ahead of evolving cyber threats, then? A white paper from cyber security firm Fortinet says that any cyber defence system needs four elements:
- Prevention: act on known threats and information, utilising next-generation firewalls, endpoint security and secure email gateways.
- Detection: identify new threats with “detection points that span all the access vendors (email, Web, Internet points of presence, etc.)”.
- Mitigation: respond to detected intrusions quickly and effectively. “Forensic tools, supporting services and integrations with an organisation’s existing threat prevention products have a role to play in this effort.”
- Repetition: continue to perform this process, and “include an automatic feedback loop for constant learning and improvement to ensure its effectiveness continues to improve”.
Improve your information security with ISO 27001
If you want to learn more about keeping your information secure, you should download our free ISO 27001 fact sheet.
ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). Certifying to ISO 27001 demonstrates that your organisation is following information security best practice. It covers people, processes and technology, recognising that information security isn’t about technology alone.
Our fact sheet explains:
- How ISO 27001 can improve information security
- The benefits of achieving certification
- What to consider when tackling the Standard
- How to overcome the initial barriers of implementation