Every organisation should be interested in what might threaten their business……. right? Cyberattacks are one of the biggest risks that face today’s businesses. So what can we do to help better improve our cyber security? First, we should seek to understand…
How are attackers getting in? What are the key risks?
HP’s Wolf Security threat research team identified in a recent webinar with The Cyber Resilience Centre for the West Midlands, that the top two threat vectors are email (69%) and web browser downloads (18%) with social engineering via email the preferred method of attack.
The Early Warning Service
Looking to demonstrate continual improvement, here at Risk Evolves we’ve recently signed up to National Cyber Security Centre (NCSC)’s Early Warning service.
The Early Warning service covers the two top threat vectors, email addresses and web domains, and informs organisations of potential cyber attacks on networks, as soon as possible, which can save time, valuable resources and money!
So what? Why receive early warnings?
- Incident Notifications – suggesting an active compromise on a system (perhaps by a strain of malware),
- Network Abuse Events – indicating malicious or undesirable activity associated with assets,
- Vulnerability and Open Port Alerts – indicating vulnerable services/applications
Simple steps to upgrade your existing security controls:
- Register with the Active Cyber Defence (ACD) Hub at NCSC
- Sign up for the Early Warning service
- Input any employee email addresses, shared inbox addresses, domain names and IP addresses within the organisation
- Monitor the results
Running parallel with this is NCSC’s Threat Intelligence reporting. This is significant because the new 2022 version of ISO 27001 has a new Annex control, A5.7 Threat Intelligence!
What else can be done to tackle these risks?
There are some simple steps organisations can take and Risk Evolves can help guide your business through that cyberspace minefield! Our experienced consultants can help you achieve and maintain Cyber Essentials, IASME Governance and ISO27001 certifications; can provide ad-hoc support; provide continued retained support; support in an emergency and help with your training requirements.
To learn more about how you can reduce the risk to your business, please contact the team or call 01926 800710 for a chat.