A to Z of cyber security Part 3
17th June 2019
From 'supply chain risk' to 'zero day', in the final part of our A to Z of cyber security we explore a few more key areas that could potentially help you to protect your business against a cyber attack or data breach.
If you have any questions or queries relating to cyber security, and data breaches, or if you'd like to arrange a FREE cyber security assessment for your business, please don't hesitate to call or email us on 0333 358 2222 or info@everythingthatis.cloud S is for supply chain risk You might think that your supply chain and systems are secure but there are always cyber criminals out there who are ready and waiting to try and launch an attack on your business via a third party don't get caught out by a breach in this way. T is for TTPs The Definitive Guide to Cyber Threat Intelligence states that 'tactics, techniques and procedures' (TTPs) are the -patterns of activities or methods associated with a specific threat actor or group of threat actors. Penetration testing, for example, is used to mimic the TTPs used by hackers in order to strengthen security and deliver increased resilience to cyber threats. U is for updates Often referred to as 'patching', the implementation of regular software updates is central to the success of your cyber security. Most cyber attacks directly target software exploits for which updates are readily available. A prime example? If all NHS Trusts had performed software updates when they were advised to do so, most of us would never have even heard of WannaCry; more on that later. V is for vulnerabilities Vulnerabilities are everywhere. They can be found in pretty much every computer environment, including in software, hardware and even us, the human operators. Hackers are becoming more and more proficient at spotting them on all types of systems and devices so it's imperative you remain one step ahead of them. W is for WannaCry WannaCry is the global ransomware attack that hit on 12 May 2017. It was responsible for locking down over 200,000 computers in more than 100 countries. Here in the UK, the NHS was its most prolific victim. The damage it caused amounted to 19,000 patient appointments being cancelled with five A&E departments turning patients away for a week following the attack. WannaCry hackers used a known exploit that the majority of NHS bodies had applied a patch against and the whole episode reputedly cost the NHS £92 million. X is for XCyber A specialist cyber security company, XCyber was created to explore the human side of cyber attacks. XCyber comprises a team of people who have vast cyber knowledge and leadership experience working in the UK government and advising global law, intelligence and security services. Its role is to deliver intelligence-led, data driven and evidence-based reporting to offer specific insights for organisations. Y is for your future As the National Cyber Security Centre (NCSC) reported in its Cyber Security Breaches Survey 2019, 32% of UK businesses have identified cyber security breaches or attacks in the last 12 months. Cyber security poses a clear and present risk to all companies, irrespective of size or industry and it only takes one cyber attack to damage your business capability and reputation. Ensuring you have a robust cyber security management strategy in place one that works! and implementing all of the necessary protections and systems to prevent a breach and mitigate any consequences is vital to the long-term success and future of your business. Z is for Zero Day Zero Day or Day Zero is the day on which a new vulnerability is made known. This vulnerability is a cyber security hole in software that, until Zero Day, was previously unknown to its maker or antivirus firms. Cyber criminals, however, have often already spotted the flaw and been silently exploiting it. Zero Day refers to the fact that developers have zero days to solve the problem once the vulnerability is publicly known, so they have to work fast to fix the flaw and protect users.