Seven NCSAM Tips for Cybersecurity Professionals - Strand

10/20/2017 - Posted in ICT & Digital

Our expert's opinion

“That won’t happen to me!” 

To be honest, that is what I always think when it comes to hacking and online breaches. This October it is Cyber Security month, an international initiative to make people, and especially people like me, aware of the risks that accompany the online world. How can we, as an organisation or as an individual, protect our data and privacy? And what does the European law do to protect us from hackers and even ourselves?

- Anastasiya Vypryts'ka, Associate Consultant

Seven NCSAM Tips for Cybersecurity Professionals

Thanks to the largest global ransomware attack in history and other high-profile data breaches, cybercrime has been in the media spotlight more than ever in 2017. Given the volatility and rapid expansion of the threat landscape, it is critical for companies to understand and reflect on their security practices. There is no better time to do so than in October, which has been observed as National Cyber Security Awareness Month (NCSAM) since 2004.

Last year during NCSAM, IBM Security helped raise awareness about cybersecurity with weekly tips for everyday users. This year, we will be providing somewhat more advanced tips for security professionals every week. Below are the first seven.

1. Know Where Your Risks Are

Do you know where your risks are, or are you among the 62 percent who don’t have enough information to evaluate cyber risks? Companies must shift from reactive efforts to a proactive approach to risk management. Make it a point to understand where your risks lie so you can better implement targeted processes to mitigate attacks. While frameworks are becoming the strategic tool of choice to assess risk, security products and services are still required to minimize threats.

2. Protect Your Internal Network

Did you know that company employees are responsible for 60 percent of all digital attacks endured by enterprises? Many of the most newsworthy breaches don’t come through the front door, but from internal weaknesses. That’s why it’s critical to protect your internal network as much as you would protect your ingress and egress points.

3. Don’t Just Hear — Listen

Most people never listen — they only hear. Make an effort to listen with the intent to understand, not to reply. As the Dalai Lama once said, “When you talk, you are only repeating what you already know. But if you listen, you may learn something new.”

4. Make Cybersecurity a Priority at Every Level in the Organization

According to Inc., 60 percent of small companies are unable to sustain their business within six months of a cyberattack. Given the fact that employees outpace fraudsters as a source of threats, cybersecurity should be an important matter at every level of the company, not just an IT issue. It’s time to start fostering a culture of cybersecurity within your organization.

5. Know Where and What Your Crown Jewels Are

Do you know your battlefield? Understand what and where the crown jewels in your organization are before developing a comprehensive strategy to protect them. Where is the data that, if exposed, could impact careers, business reputations and bottom lines?

6. Test and Rehearse Everything

How ready are you for a cyberattack? You can put your team and strategy to the test by visiting a cyber range such as the IBM X-Force Command Center. Running capture-the-flag exercises on a well-equipped cyber range can help organizations build security skills and identify gaps.

7. Don’t Use Outdated, Easy-to-Crack Hashes Such as MD5 or SHA-1

Don’t store user passwords in plain text, and don’t use outdated, easy-to-crack hashes like MD5 or SHA-1. BCrypt or scrypt are best to minimize the impact of a data leak.
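As an added illustration of tip 7 (not code from the original article or from IBM), the Python sketch below stores passwords with scrypt from the standard library and replaces a legacy unsalted MD5 or SHA-1 hash the first time its owner logs in successfully. The cost parameters, the `scrypt$N$r$p$salt$key` record layout and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import re

# Assumed scrypt cost parameters (not from the article); tune for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # memory ceiling handed to OpenSSL's scrypt

# Bare unsalted hex digests: 32 chars = MD5, 40 chars = SHA-1.
LEGACY = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}")


def _scrypt(password, salt, n, r, p):
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          dklen=DKLEN, maxmem=MAXMEM)


def hash_password(password):
    """Return 'scrypt$N$r$p$salt_hex$key_hex' using a fresh 16-byte salt."""
    salt = os.urandom(16)
    key = _scrypt(password, salt, N, R, P)
    return f"scrypt${N}${R}${P}${salt.hex()}${key.hex()}"


def verify_password(password, stored):
    """Return (ok, upgraded_record).

    upgraded_record is a new scrypt record when a legacy MD5/SHA-1 hash
    matched, so the caller can overwrite the weak hash at login time.
    """
    if LEGACY.fullmatch(stored):
        algo = "md5" if len(stored) == 32 else "sha1"
        digest = hashlib.new(algo, password.encode()).hexdigest()
        ok = hmac.compare_digest(digest, stored)
        return ok, (hash_password(password) if ok else None)
    try:
        scheme, n, r, p, salt_hex, key_hex = stored.split("$")
        if scheme != "scrypt":
            return False, None
        key = _scrypt(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
        return hmac.compare_digest(key, bytes.fromhex(key_hex)), None
    except ValueError:  # malformed record or invalid parameters
        return False, None
```

Because the cost parameters travel inside each record, they can be raised later without invalidating hashes that are already stored.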


Source: SecurityIntelligence
