Cyber security is receiving a lot of attention in the press at present as the scale and success of attacks have increased in recent months. Reports of ransomware and disruption caused to systems in the NHS, power companies, elections etc. are focusing attention on security, which is sometimes lower down the agenda than it should be.

Robust security usually trails new technology by a number of years. As we are probably currently experiencing a greater advance in technology than at any time in the recent past (Robotics, Artificial Intelligence, Big Data, Internet of Things etc.), the risks are increasing.

Recent attacks have been successful because basic requirements have not been addressed, such as changing default passwords and updating/patching software to the latest versions. Recent attacks against the now non-supported Microsoft Windows XP have been successful (May-17 WannaCry, which also infected other unpatched systems), and recently fears were reported that Britain’s largest ever warship could be vulnerable to cyber attacks after it emerged that it appears to be running Windows XP. Microsoft stopped supporting Windows XP in April 2014, but took the unprecedented move of issuing a patch to address security risks. It was reported that IT staff across the NHS were sent a link to the latest Windows XP patch at the end of April which, if applied, could have prevented the attack in May-17.

The UK’s Department for Business, Innovation & Skills (BIS) published an overview of cyber security for executives (‘Ten steps to Cyber Security’) in 2012. Organisations that meet all Ten Steps should be reasonably confident they have taken relevant steps to protect themselves.

There are also international standards which address best practice: ISO/IEC 27001 for information security management and ISO/IEC 27032 on cyber security.

As far as your communication systems are concerned, the same standards of security should apply. More and more, as we move to modern telephony, communications hardware and software are integrated into the overall network and can no longer be looked at separately. Start with the following basic questions to reflect on how your organisation is dealing with the threats:

  • Is security on the agenda at senior management and board level?
  • Do you have any security policies/procedures?
  • Do all staff (not just IT staff) discuss security in project meetings and build it into plans?
  • Do you understand and control how your suppliers deal with security where functions are outsourced?
  • Do you know if your communications hardware/software (i.e., PBX, servers, routers, firewalls, management portals) is using the latest version? When was the last update?
  • Who knows the passwords to access all of the above? Are these unique to each user or shared, and when were they last changed? Are you at risk of business interruption from lost/forgotten passwords?
  • Does your insurance cover you for ransomware and business interruptions due to security attacks?

For more information, contact us.

Article by: John Trimble