By Niranjan Acharya
The Internet has become the backbone of every industry. Financial sectors, governments and private companies have an online presence, use the Internet as a communication medium, connect distant businesses, and more. As Stride IT Consulting strives to ensure that organizations are adequately secure and able to conduct business, the study helps in identifying the top attacks, the motivations behind threats, and how organizations can strengthen themselves to reduce the impact by identifying gaps and taking the necessary actions to fill them. The Stride team has captured the information published by ISACA, through a study conducted by RSA and ISACA, which highlights the top threats, threat motivators and the steps organizations need to take to ensure a secure cyber environment.
Every business has some dependency on the Internet and connected networks to reach out to their customers, suppliers, business partners etc. Such dependencies are threatened on a daily basis by cyber criminals, hackers, etc.
The study also shows that most of the attacks are motivated. With cyber crime the top threat, financial gain tops the list of motivations, followed by disruption of services, theft of personally identifiable information and, lastly, theft of classified data. Many organizations fail to acquire qualified people with adequate business understanding, communication skills and technical skills that will help in reducing cyber attacks.
Cyber crime has increased over the past couple of years, as most of these crimes can be committed across borders, where law enforcement agencies may have little or no control. Hacking for a cause has also increased in recent times due to political issues. Insiders are also among the most significant threat actors, as employees, staff and contractors have access to valuable information and information systems within the organization.
Technical and administrative controls can prevent or at least reduce many of the attacks, but the human factor is the biggest weakness. To increase the security of the organization, people need to be trained in how to detect and react to a potential security attack.
Organizations need to concentrate on developing skills through on-the-job training, encouraging staff to pursue training and certifications, and providing adequate support for self-instructed learning and vendor-specific training. While these are the administrative controls, organizations must also focus on improving their security posture through periodic assessments of their information systems and network infrastructure. The assessment may include re-evaluating the network design, configuration reviews of network components, reviews of security configurations, and evaluation of network administrative activities and the skills of the network professionals.
In the wake of cyber security threats, organizations must emphasize a top-down approach and involve every entity within the organization in the cyber security culture of the business. A strong communication channel is imperative to keep every stakeholder informed of current and future security requirements.