One in five British companies has been hacked by cyber criminals over the past year, a new survey has indicated. Further, only a quarter (24%) of the survey’s 1,200 respondents said their business had security measures in place to guard against hacking. IT security experts from Imperva, Tripwire, Cylance and Corero Network Security commented below.
Amichai Shulman, CTO and CO-Founder at Imperva:
Paul Edon, Director, International Customer Services at Tripwire:
The top three measures a company can take to mitigate cyber risk are:
– Start by understanding the risk you have. You have to conduct regular, preferably continuous, assessments of configuration and vulnerability risk across your IT systems. The attackers will be doing the same.
– Don’t ignore the simple, best practices. Keep software up to date, apply security patches, change passwords, and make sure terminated employees and contractors don’t have access. This security hygiene goes a long way to making the attackers’ job more difficult.
– Train your employees on how to recognize a scam. Much of cyber security is about human nature and social engineering. Training must be ongoing because the attackers change their tactics.”
Anton Grashion, Managing Director-Security Practice at Cylance:
Stephanie Weagle, VP at Corero Network Security:
“While the Internet has been fighting off DDoS attacks for over a decade, these denial of service attacks are taking center stage as the techniques have become much more sophisticated in nature. Coupled with the ease of securing DDoS-for-hire services, access to massive botnets, and unlimited motivations we are seeing a far more dangerous concoction of attacks taking down major institutions.
“This elevation of risk comes at a time when DDoS attacks continue to increase in frequency, scale and sophistication over the last year. 31 percent of IT security professional and network operators polled in a 2017 survey conducted by Corero experienced more DDoS attacks than usual in recent months, with 40 percent now experiencing attacks on a monthly, weekly or even daily basis. To alleviate this problem, 85 percent are now demanding additional help from their ISPs to block DDoS traffic before it reaches them.
“The biggest DDoS risk factor, which was cited by almost half of the respondents (45 percent), was the potential for loss of customer trust and confidence. Lost revenues were also a serious concern (cited by 17 percent), while malware infection (15 percent) was also seen as a potential problem.”
Joep Gommers, CEO at EclecticIQ:
“If UK businesses are to fight against the evolving threat landscape, it’s important that they start to share knowledge and collaborate on past, current and future attacks. The way we share information is already starting to change, and we’re seeing a big push from government to set up collaborative initiatives to ensure the public and private sectors are sharing insight on threats. Embracing a stance of openness can not only improve a business’s view of cyber threats, but can also fuel a wider cyber intelligence revolution.
“Support for open source standards like STIX and TAXII need to sit at the core of the fight for true threat intelligence. These help re-align IT security efforts based on real-time information exchanges between government, commercial suppliers, non-profit efforts and industry partners. These standards should be embedded in any UK business to drive a culture of openness and sharing, giving the good guys a far stronger chance in triumphing over the bad.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.