
December 9, 2021




As C8 Secure’s Cybersecurity Director, Leon oversees the full spectrum of security services including advanced cyber defense, applied cybersecurity solutions, and managed security services. Leon also leads the security innovation program, which discovers and delivers new and innovative cybersecurity technologies. He is a highly experienced IT professional with 17 years’ experience in the industry and holds a BEng degree in Software Engineering and a first-class Information Security Master’s Degree from City University, London.

Leon Allen
Cybersecurity Director, C8 Secure

 

5 Steps to Reduce Your Risk of a Ransomware Attack

Security is a Journey, Not a Destination

Listening to the news, you would be right to be concerned about the extreme levels of ransomware attacks across the world and, more importantly, about whether your company is prepared to weather such an attack. To help address those concerns, Leon Allen, Cybersecurity Director at C8 Secure (www.c8secure.com), lists 5 key steps that companies can take to reduce their risk of a ransomware attack:

1. Take Inventory “We don’t know what we don’t know” 


Whilst this may sound simple, you would be very surprised to learn how often organizations are directly infiltrated and exposed simply by not understanding what assets are within their enterprise. This ranges from unsecured endpoints (such as laptops, switches, servers etc.) through to business applications hosted in the cloud or in a data center.

 

To help with taking inventory, tools like asset discovery scanning and automated vulnerability scanning can be used. Furthermore, other good housekeeping measures involve reviewing your change management procedures, running a report on administrator accounts, verifying firewall rules, and validating VPN accounts.

2. Define Risk “An ounce of prevention is worth a pound of cure”

 

It’s important to not get caught saying “I really wish I would have spent a few more security dollars”. Whilst it’s very much understood that security budgets are only typically increased following an incident, the level of threat in the world should help us all justify greater security investment.

 

Where you spend resources should be commensurate with your risk. If we don’t know the risks, it’s very hard to justify the application of those resources. Risks such as loss of revenue, regulatory concerns, impact to operations, your reputation, penalties, fines, contractual obligations, and data protection obligations need to be understood for your business.

 

Take stock of your data and cyber footprints and focus on the risks and cost to business that are applicable to you. 

3. Educate “To be armed is to be forewarned”

 

To make decisions on technical solutions that can help mitigate risk, we need to arm ourselves with an understanding of the available cybersecurity solutions out there, including how those solutions compare. This naturally leads into decisions around whether you bring this solution in-house or whether you outsource to a Managed Security Solutions Provider (MSSP).

 

Crucial, from an education perspective, are the end users. Educating them is still the most direct path to avoiding the proliferation of malware within your organisation. When combined with an effective security event monitoring and ransomware controls solution, providing regular security awareness training can go a long way in mitigating the likelihood of a ransomware attack.

4. Plan “Security is a journey not a destination”

 

There are far too many idioms that can be used here (and I’ll try and avoid using the classic ‘Rome’ one). Essentially, we are not going to solve every problem in a single instance. Use the risks identified in step 2 and prioritize. Tackle the list over time. It’s crucial at this stage to have security representation at board level, so that you have the required backing to address those risks.

5. Execute

 

The time has come to execute your plan and start mitigating those risks. It’s critical that when you execute you are also testing, measuring, and quantifying along the way. Continually ask yourself the following questions:

  • Was this investment worth it?
  • Can I do this more cost effectively by outsourcing?
  • Were other gaps/risks exposed?
  • Was the result intended?

To keep your risks low, and returning to the adage that “security is a journey, not a destination”, it’s time to rinse and repeat steps one through five.

 

And remember, if you’re ever feeling overwhelmed, there are a multitude of companies out there who can help you. They would like nothing more than to have a conversation with you on how best to reduce your risk.
