June 20, 2017


IFSEC 2017

The 6 most common cybersecurity mistakes companies make

Cybersecurity risk is one of the preeminent threats organisations face today, and the National Cyber Security Centre (NCSC) is hoping to help, based on insight from 800 incident reports it collected in the past 9 months.

John Noble CBE, Director of Incident Management, told IFSEC International attendees about some common mistakes companies make when it comes to cybersecurity.

1. Companies ignore the basics. They have outdated anti-virus signatures and patching programmes. What’s more, companies do not lock down their system administrators’ accounts.
2. While companies need to consider the trade-offs of running a business and being secure, many organisations go too far and ignore the advice of security professionals. Companies need to take into account the reputational impact of a breach.
3. Because systems today are so complex, companies misunderstand where the real risks are. Companies must determine what data is most important in an organisation and put security controls against that data.
4. Legacy equipment is ignored. Many think legacy equipment cannot be hacked. This is false. Legacy systems must be patched.
5. Outsourcing can be a source of weakness and risk. Companies need to ask third parties about their security controls and carefully look at their contracts and how these third parties secure their systems.
6. When a company acquires another company, it often bolts the acquired network on to its own. By doing so, the company opens its network to risk.

NCSC’s mission is to make the UK the safest place to live and do work online. To achieve this objective, NCSC provides advice to government, individuals and companies about cybersecurity. NCSC, part of GCHQ, offers confidential advice to companies that have been breached and coordinates with other parts of the government in the case of an incident.
