The Busy Executive’s Guide to Information Security in 2019
What Are the Likely Security Threats & Developments for 2019?
Cyber threats are always evolving, and 2019 is sure to bring a barrage of new and increasingly sophisticated attack sources and techniques. We expect that 2019 will see an increase in the scope and frequency of cyber attacks, and reckon businesses should prepare for multi-pronged attacks that target multiple locations and sites simultaneously, or in quick succession. We also foresee a potential increase in sophisticated phishing schemes, IoT security threats, cryptojacking malware and cloud cyber security threats.
Our Top 6 InfoSec Risks for Businesses in 2019
- Network Design and Business Process Weaknesses – Hack the human is a popular term among attackers – how could you or your staff unwittingly aid an attacker to break in?
- Unpatched Systems – Two of the biggest incidents in recent times would have been non-starters but for unpatched systems
- Untested Backups and No Disaster Recovery Plan – it’s too late to make a plan when the attack starts
- Thinking ‘We’re Not a Target’ – it affects your firm’s security posture and increases the likelihood of a successful attack
- The Email Communication Channel – It’s the most common attack vector and surprisingly successful
- Malicious Insiders
What Are the Most Important Information Security Solutions for Businesses?
It is essential that your business has a thorough security strategy in place. To combat the 6 specific risks we outlined above, we recommend that you:
- Undertake an Annual Independent Security Review
- Update Your Risk Register and Actively Address the Risks
- Conduct Application Whitelisting
- Start Using Data Rooms to Share Confidential Information
- Arrange Email Fraud Training for Your Staff
We also suggest that your business implements
The Essential 8
While no single strategy is guaranteed to prevent cybersecurity incidents, we recommend that – at a minimum – organisations implement the Essential 8 mitigation strategies published by the Australian Cyber Security Centre. These strategies will secure your systems and make it much harder for adversaries to pull off successful attacks.
The Essential 8 Strategies include:
- Application whitelisting – to control the execution of unauthorised software
- Patching desktop applications – to remediate known security vulnerabilities
- Patching operating systems – to remediate known security vulnerabilities
- Configuring Microsoft Office macro settings – to block untrusted macros from running
- Application hardening – to protect against vulnerable functionality
- Restricting administrative privileges – to limit powerful access to systems
- Adding multi-factor authentication – to ensure only authorised users gain access
- Daily backups – to maintain the availability of critical data
Another cyber security solution we recommend is Barracuda Essentials, which is a comprehensive, cloud-based service that provides protection against spam, malware, phishing emails and more. Barracuda Essentials provides businesses with:
- Protection from email-borne threats
- Advanced threat protection against zero-day attacks – the kind for which there is no current security patch by a vendor
- Data protection
- Inbound filtering
- And more
Want to find out more about information security and how you can protect your business from cyber threats? Check out these free resources:
- Cyber Security Risk Self-Assessment Tool – An interactive tool for anyone who manages a small or medium-sized business
- Strategies to Mitigate Cyber Incidents – Advice and assistance on information and communications security
- Stay Smart Online – Information about the latest online threats and how to respond