ACCA Cyber Security Event
I recently attended a Cyber Security conference hosted by ACCA Ireland that was based around Cyber Security threats and what organisations can do to protect themselves and their customers. Here’s the breakdown.
Cyber Security is an ever growing and ever changing area of IT and until recently its importance has been grossly underestimated in Ireland. With the new EU regulations being enforced in May 2018, companies are under pressure to implement the correct processes and procedures so that they are compliant with the regulation when it’s implemented.
Huge fines will be handed out for any Cyber-attack incidents that happen if the correct procedures are not adhered to after the 25th of May next year. There will be no second chances.
Who is affected?
Everybody is affected. Whether you are a retail company, financial institution or technology company, you must be compliant by the 25th of May 2018 or you’re putting your customers, clients and even employees at risk of a Cyber-attack.
In 2016 alone Cybercrime cost over €120.1 billion and it affects over 556 million people each year. Although huge awareness has been raised about Cybercrime the figures are estimated to rise again. No company is safe as Cyber criminals don’t discriminate based on industry, they will attack whatever and whomever they can. Companies including Talk Talk, T Mobile, Supervalu and even Hello Barbie have been victims of Cyber-attacks proving no company is safe.
The UK government is taking the Cyber threat so seriously that it has set up its own risk management information showing how crucial having a Cyber strategy really is.
How is this happening?
Today’s hackers are getting more and more innovative with how they attack. In some cases they don’t even need you to open an attachment in an email, if you click into the email your computer can become infected and put your organization at risk.
We all need to be more mindful when dealing with emails from unknown sources or even from within your organization as these hackers can copy internal email addresses and mail you directly giving requests that can again put your organization at risk. In a lot of cases people are just not paying enough attention to what they do and will unintentionally open the door for a hacker.
Many cases have been recorded where people were just plugging in USB sticks, using personal emails, viewing insecure sites, opening unknown attachments and interacting with unfamiliar people emailing them directly.
Cyber criminals view hacking as a full time job and there has even been scenarios where a group of hackers will rent office space and essentially work a normal 9-5 Monday to Friday and hack into networks day in and day out as it’s there primary source of income, meaning that all people within any organisation must be proactive and mindful day in and day out.
What can companies do?
Although Cyber criminals can always be one step ahead, there is a number of things that you can do to prevent or manage an attack including:
- User awareness and education – Produce user security policies outlining secure and acceptable use of the organizations systems and staff training programs.
- Secure configuration – Apply security patches and ensure that the secure configuration of all ICT systems is maintained.
- Malware protection – Produce relevant policy and establish anti malware defences that are applicable and relevant to all business areas.
- Monitoring – Set up a monitoring strategy and produce supporting policies.
- Incident management – Establish an incident response and disaster recover capability
These are just a few ways to protect your organisation and there is many more but the main way a company can protect itself is to educate its staff as people are the biggest Cyber risk of all, so making them aware of the risks and providing them with the correct training is possibly the best strategy you can have.
I hope this was helpful or at least informative as Cyber Security is relevant to everyone, all feedback is welcome.
FinTech Recruitment Consultant