More than 80% of Kiwis who use the internet have experienced a cyber security breach. Take those numbers across to business and the statistics are definitely cause for concern. Are New Zealand businesses too relaxed about their security?
Here are the Top 4 Mitigation Strategies to ensure organisations tick the most important boxes and minimise their security risks.
“By covering the Top 4 you knock off the low hanging fruit, so to speak. It’s a bit like having locks on your front and back door at home. Unfortunately, the basics are still not being done, leaving many organisations vulnerable.” Brendan Laing, Senior Systems Engineer, OneNet.
The Cyber Security Operations Centre (part of the Australian Government’s Defence Department) cites that at least 85% of the cyber intrusions it responds to would be mitigated had agencies implemented these Top 4 Strategies.
So what are they..?
- Application Whitelisting: the process of allowing only “known good” or whitelisted applications to be executed.
- Patch Applications: update software to the latest versions, to prevent systems being compromised by widely known weaknesses in older products. This includes things like Microsoft Office, Java, PDF viewers, Flash, Web browsers etc.
- Patch Operating Systems: newly released security fixes should be installed as part of regular updating to ensure security vulnerabilities are removed.
- Minimising Administrative Privileges: This is based on the long standing “principle of least privilege” designed to prevent exposure to more resources than are required to complete a task, in turn minimising damage that can occur.
Similarly a New Zealand report has been released regarding common cyber security threats impacting on New Zealand organisations. The agency responsible, NCSC (New Zealand Cyber Security Centre) is a security support and advisory group for businesses, public and private, including those critical to New Zealand; such as telco, banking and power companies, etc.
Total recorded incidents almost doubled from 2014/15 to 2015/16. Issues dealt with included espionage, theft of intellectual property, damage to IT systems and general disruption of operations.
No matter the size of your organisation, the risks are very real to all businesses operating in the online space. What business today isn’t?
“The probes and enquiries that the attackers are using are done on an automated basis and they’re very un-selective. If your company defence is down, they’ll find the weaknesses and exploit them”, explains Brendan.
Take advantage of a team of experts that genuinely put your needs first. At OneNet we value exceptional service levels delivered by our knowledgeable and experienced people – please get in touch.