Cyber Defence – Knowing your enemy

How to better protect you and your business

With more and more of our business and personal affairs being conducted online, cyber security is becoming increasingly complex. The global pandemic has escalated the issue, with home-working significantly increasing the risk of breach or attack. Knowing who today’s cyber enemies are, and how and why they attack helps us improve our line of defence.

Know your enemy

Today’s cyber enemies, often referred to as Bad Actors, are becoming increasingly clever at playing a deceitful role in order to gain access to your systems.  To combat this threat, you need to have robust and relevant security practices in place. Let’s look at the types of bad actors you might encounter today.

Do you already know your enemy?

Insider Threats

  1. The disgruntled or disloyal – employees who leave on bad terms can be approached by 3rd parties to provide access to credentials in exchange for cash or another incentive.
  2. Silly mistakes – Malware delivered through email\USB device once activated can breach security, as can phishing emails – and the sophistication of these is increasing. The accidental sharing of sensitive data to the wrong recipient can create a GDPR breach which comes with a hefty fine.

External Threats

  1. Script Kiddies – a technical term to describe individuals or groups who will purchase already written code from the ‘Dark Web’ and deploy it as they see fit.
  2. Hacktivists – Individuals or groups who will look for vulnerabilities within your organisation’s structure and publish their findings through the ‘Dark Web’ and beyond for other cybercriminals to use.

Insider Threat Protection

Cyber Essentials, Microsoft 365 data protection and Multi Factor Authentication (MFA) can all prevent incidents caused by unhappy employees, while email protection, user training, mobile device management, antimalware software and MFA can be implemented to help prevent human error.

External Threat Protection

Lock the front door! Every employee is a keyholder and should be trained and made aware of potential vulnerabilities.  Other technical solutions such as a well-configured firewall, regular patching schedules, MFA, mobile device management and keeping line of business applications up to date are vital steps in protecting internal resources from external threats.

The good news is that 90% of today’s threats can be mitigated with a well-thought-through approach to cyber security including the process of gaining Cyber Essentials certification for your business.

You can find more information on our cyber essentials accreditation process here Cyber Essentials and you can watch our recent webinar on the subject here Cyber Essentials Webinar on demand.

Stay safe!

Our certifications