CYBER SECURITY
Peter Yapp, former Deputy Director of the UK’s National Cyber Security Centre, explains why cyber crime prevention is stronger than the cure
PROACTIVITY VERSUS REACTIVITY
The harsh truth of cyber crime is that, unless an organisation is the direct victim of a cyber attack, they tend to not take much preventative action. The ‘it won’t happen to me’ syndrome is a risky attitude to take, particularly considering the increasing scope of cyber criminals. As technology evolves, so do their targets, tools and techniques for exploitation. It’s why businesses have to establish robust safeguards and defences to halt threat actors in their tracks. It’s why, in the murky and treacherous world of cyber crime, prevention is always better than the cure.
TIME TO TAKE CYBER SECURITY SERIOUSLY
For many organisations, the starting point for cyber defence is to examine the potential threats directly facing their company. Unfortunately, this all-too-common attitude invariably leads to a false sense of security. So many current cyber breaches are a result of collateral damage from an attack on another organisation, or of an attacker stumbling across a vulnerability in your organisation by chance and exploiting it. In many cases, cyber attackers start by scanning the internet for known
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 43
vulnerabilities, preying on and exploiting the weak and the easiest to access. Every vulnerable organisation can become a target (and there are many out there) and this turns the threat focus on its head. It means organisations should not only focus on shoring up their immediate vulnerabilities, but should be interrogating the potential ramifications of breaches to vendors, partners, clients and, especially, their supply chain.

SUPPLY CHAIN REMAINS A CYBER SECURITY WEAK LINK
The software supply chain has increasingly become an alluring target for cyber criminals, with attacks increasing by 78 per cent in 2019. It has evolved into a global issue that requires an international solution to mitigate. Every member of the supply chain must play their part. After all, one weak link is enough to break the entire chain. It’s why organisations must not only regularly patch their own software, but also stay firmly on top of their third-party suppliers. Most companies probably know who handles their data processes, but are they aware who has access to their air conditioning units? Do they know how much network access the organisation that handles the physical security of their building has?