Call us on 0330 332 7933

Cyber security: the biggest challenges and how to overcome them

As an IT manager, does cyber security cause you technological headaches and workplace frustration?

According to reports, there’s yet another predicted spike in malicious cyber activity on the horizon. To get prepared, businesses are investing considerable cash in hiring security professionals, maintaining business privacy and avoiding cyber attacks. I’ve read that, in 2017 alone, these protection efforts cost businesses $86.4 billion worldwide.

But what are your most common online security challenges? Often, it’s not just deploying the right security technology. Getting buy-in from your Board and educating your staff on the importance of vigilance can be just as challenging, yet the solutions to these are far less costly:

Getting your Board onboard

You may find that your online security processes are left to you and your IT department to manage and disseminate.

Indeed, our latest research on cyber security shows that only 30% of senior business leaders have an in-depth understanding of online security threats. A further 7% have very little or no understanding whatsoever.

This is a reason for serious concern — your senior leaders are just as, if not more than, likely to be targeted by cyber criminals as they have the easiest access to the most sensitive business information.

Your Board needn’t be online security experts, but they do need to keep on top of your security policies, your latest online threats, how you mitigated them, and what they should be on the lookout for.

This could take the form of monthly meetings, a quarterly board presentation or even just a regular newsletter to keep them involved in your cyber security processes.

Educating staff on your security policies

According to The Telegraph, last year saw a rise in Business Email Compromise (BEC) scams, as well as phishing attempts impersonating board level executives, using phishing PDFs and phishing sites.

Every staff member in your business has a role to play to ensure your company remains secure.

Worryingly, a significant number of these threats begin with a single staff member opening a malicious attachment or clicking on a phishing email. Every staff member in your business, therefore, has a role to play to ensure your company remains secure.

Your role, as an IT manager, is to deliver educational training to help workers understand your company’s security posture. Explain where your company is strong and weak, and where you’re actively plugging the security gaps. This training should highlight your workers’ responsibilities in your company’s security policy.

This training should include:

  • What to look for in a malicious email
  • What to do (and not do) with an email they’re not expecting
  • How to recognise suspicious content

The responsibility of security technology

Ransomware is still one of the leading cyber compromises today. It has been out in the wild for many years, but reared its head in the last couple of years. The scary thing? It’s totally indiscriminate.

Today, no business — whether you have hugely complex operations, process highly sensitive data, or simply run as a normal SME — can afford to be without a cyber security strategy. As well as educating your staff and engaging your Board, deploying robust security technology is an essential step.

Subscribe to our thinking

At Intercity, our wealth of industry experience means we understand the biggest online security challenges for businesses. In turn, we developed Touch Secure, our Security as a Service (SECaaS) — an end-to-end service that provides both application control and an intrusion protection system, as well as traditional firewall features. The concept of Touch Secure was to take an organisation’s perimeter security, firewall antivirus, and remote access systems, and to put them into the cloud.

The best bit? It removes your burden or responsibility as IT manager, takes your security off premise and delivers it back as a service. That means you avoid the frustration, unexpected costs and inflexibility of standard online security.

Online security should, therefore, be a collaborative effort across all business units and departments. Once everyone is familiar with the process of protecting your business, your first line of defense becomes far more secure. Find out how Touch Secure could protect your business in the cloud, whilst you ensure your company has a thorough and transparent security policy.

Up next

Discovering managed, cloud-based next-generation cybersecurity

Cloud computing is commonplace within the public sector, but have you considered the benefits of using cloud-based security to protect the perimeter of hybrid cloud computing and on-premise networks?

You probably know about our managed firewall services but might not know about Touch Secure – our managed, cloud-based, next-generation firewall service (NGFW) which secures your network perimeter, independent of location.

How we started

Sometimes the best way to find out whether a product will succeed is to sell the concept before building it: that’s exactly what happened with Touch Secure.

Last summer, our public-sector account team were with a customer discussing their IT issues, which included traditional firewalls. Their biggest challenge was growth in client Internet usage, which was overwhelming network capacity. As the firewalls became exhausted, performance dropped and users became frustrated.

They had a small team, multiple sites and a base of almost 1,000 clients. As they were kept busy managing applications and data critical to the day-to-day running of the organisation, outsourcing management of their cybersecurity was something they were keen to do.

Our solution: Touch Secure

If you’re familiar with the basic principle of cloud computing – a centralised computing resource, partitioned into separate virtual servers – then think of Touch Secure as being similar, except it uses a centralised firewall resource, partitioned into separate virtual firewalls.

A key difference is that Touch Secure provides next-generation cybersecurity measures. What are these? Whereas traditional firewalls allow/block packets based on port, protocol, source/destination addresses, NGFWs examine packet payload, protecting against user behaviour, whether accidental or malicious.

A key difference is that Touch Secure provides next-generation cybersecurity measures.

The main measures are email filtering, web filtering and application control:

  • Email filtering is an anti-spam and anti-virus feature which examines email, searching for and removing any viruses, Trojans and worms. It also filters unsolicited marketing, phishing and spam messages.
  • Web filtering restricts or controls what a user may access on the Internet. This improves security, prevents inappropriate activities and increases productivity.
  • Application control detects and takes action against network traffic based on the application that generated it, such as a Facebook posting or a Dropbox file sync.

Sandboxing

This may be new to you, but with the increasing threat from zero-day exploits, particularly ransomware, it’s important to understand what it does. Code spans a continuum from known good to known bad – the mid-point is unknown code. Firewalls cannot stop the most sophisticated attacks because they rely on identifying known attack indicators.

On encountering unknown code, a firewall sends it to the sandbox for analysis, entailing teasing it into exposing itself. On identifying new malware, the sandbox quarantines and sends it to the sandbox manufacturer, which sends a signature update to its global base.

Monitoring & Self-Service

Outsourcing cybersecurity management doesn’t mean that customers lose visibility. Our OnePortal provides real-time visibility of events and user security incidents. We’re adding self-serve capabilities enabling administrators to make changes like traffic-shaping users and managing session concurrency. Administrators therefore retain visibility and control of routine tasks, leaving us to take care of managing the underlying cybersecurity service.