In our data-driven world, most organisations are at least partially dependent on a measure of electronic storage and networking. Perhaps out of experience, large organisations are generally aware of the need for effective cyber security frameworks including firewalls, access and awareness training, and anti-malware systems. Educational institutions, however, tend to be somewhat behind the curve, when it comes to tightly securing their data-verse. Recently, ethical hackers while testing the computer security of university networks discovered that they were able to successfully breach networks in less than 2 hours by using spear-phishing attacks to gain access to sensitive information. Well over 50 universities across the UK were a part of the test and in almost every case, testers were able to acquire domain-level administrator access used to control systems and gain complete unauthorised access to system information.
EU member states are now covered by the General Data Protection Regulation (GDPR) which is basically a law that protects the personal information of individuals within the EU and how they are used. GDPR is important for organisations around the world because it affects everyone who does business or communicates with individuals in the EU member countries. It is arguably the most important government regulation on data protection and data privacy rights in the last 20 years.
At Cyber Risk Aware (CRA) we do not only enable you build a human firewall that functions as a last and critical line of defense on cyber-attacks, we also ensure that you and your organisation are able to thoroughly meet your legal and regulatory compliance. We do this through our industry-leading and most user-friendly integrated Security Awareness platform which we are constantly improving to best suit your ever-evolving needs.
We have been busy delivering on the additional capabilities that we believe would enable you extract more value from the CRA platform, as well as some other updates that some of you outrightly asked for.
Information Security and SMiShing :
A company’s staff is the greatest untapped resource in the fight against cybercrime. Although research has shown that in 90% of successful cyber-attacks or more, there is an element of human fallibility involved, what those studies fail to mention is that a trained and vigilant staff could become the greatest barrier of defence against attack types: such as trojans, viruses, ransomware, and other electronic security threats.
Cyber-security education and awareness programs are an indispensable part of a balanced corporate security strategy. These programs equip staff with the tools that they need to be part of an overall security solution.
Phishing has been in the news lately, not only because it was the intrusion technique allegedly used by Russian hackers to access U.S. voter registrations, but also because it is becoming more prevalent, especially in the UK. You only have to look at the recent NHS "Wannacry" and the latest "Petrwrap" ransomware incidents both starting with curious staff opening phishing emails to understand the risks.
If the answer to any of these questions is ‘no’, then you are not alone. Employees remain the weakest link in the battle against cybercrime and are criminals number one target.