Experts and founders of Securitude, Yul Bahat and Michael Benton, gave a dynamic presentation, punctuated by many questions from the gathered guests, outlining various examples of possible cyber security attacks and how best to tackle them.
What was really underlined was the human aspect of a cyber security attack, the creativeness of the hackers and the weak link in any company: which is each and every employee.
M. Bahat explained some of the simulations Securitude carry out to teach companies about potential attacks, for example a USB key that’s dropped somewhere in the office building. An employee picks it up with good intentions, plugs it in to their computer to try and find out who it belongs to – too late, their computer and the company network has now been compromised.
A simple email sent to the HR Manager applying for a job at the company, their CV and cover letter is in a ZIP file. The ZIP file won’t open properly and appears to have an error…before the company knows it; sensitive information has been accessed and is being leaked.
Cyber security attacks can be a dramatic affair but don’t come across as such; with a ransom note and a threatening message from the hackers, but more likely a banal incident that goes almost unnoticed – an email sent with a fake invoice attached or for a link to track a delivery. Or could happen through every day occurrences, a board member is at an airport and connects to the wifi with their laptop or phone, a nearby hacker also travelling then manages to access their documents.
The question isn’t if a company will be hacked, but when. A cyber security attack is something that every company, large or small, should prepare for. There should be a risk management plan in place and each employee should know who to contact in the event of a cyber security breach.
With GDPR (General Data Protection Regulation) coming into effect in May 2018, cyber security is something everybody needs to be thinking about and starting to prepare for.
Concerns about Cyber Security are top of mind. In a recent Institute of Directors (IoD) survey 96% of business leaders recognized the importance of having a data security strategy but only 56% had taken specific action, and less than 40% are clear about whom to inform should a breech occur. When the new EU General Data Protection Regulation takes effect from May 2018, UK and European boards and directors assume far greater responsibility for data security. But few know where their companies stand and many are unclear about risks, governance and best practice. How certain are you? Ready to accelerate your competence curve?