
What Are the Most Important Measures to Prevent Cybersecurity Incidents?

David Cohen

Now that we know the most common cyber-attacks, we can determine how to protect ourselves against them. There are many measures that can be taken to protect our companies against a cyber-attack. However, because of limited time and resources, we cannot do everything at once. Moreover, the measures' cost, complexity, and risks can also be considerably different.
 
With this in mind, Moore suggests the following three clearly defined remediation steps. These will improve any company's cyber resilience and posture and ensure that the cyber strategies developed for the business will align with the company’s risk appetite.
 
1. Cyber Risk Assessment
 
A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber-attack (such as hardware, systems, laptops, customer data, and intellectual property) and then identifies the various risks that could affect those assets.
 
It has become imperative that all boards and leadership teams of organisations have a thorough and updated understanding of their threat landscape and the associated security controls to ensure cyber resilience.
 
A completed risk assessment will result in a remediation roadmap. This clearly identifies residual threats and risks and the actions required to mitigate the identified threats and reduce the residual risk to an acceptable level.
 
2. Vulnerability Assessment and Penetration Testing (VAPT)
 
Vulnerability Assessment and Penetration Testing (VAPT) describes a broad range of security assessment services designed to identify and help address cybersecurity exposures across an organisation's IT estate.
 
Why Is It Important?
 

  • Prioritise key risks in your organisation and set up your risk management process to give you valuable insight into vulnerabilities in your network.
  • Identify and resolve vulnerabilities and misconfigurations before attackers have a chance to exploit them.
  • Once completed, your company will be aligned with globally accepted best practices and be POPIA compliant.
  • Identify the unknown external and internal vulnerabilities to the network that hackers exploit to gain access to a company's strategic assets.

 
What Results Can You Expect from the VAPT:
 

  • Short-term tactical fixes for immediate remediation of all outstanding vulnerabilities within the tested environments.
  • A strategy built around long-term measures that proactively thwart both the repetition of vulnerabilities discovered during testing and the appearance of new ones.
  • A robust set of conclusions and industry best-practice recommendations based on real-world scenarios and tangible evidence of performance.
  • Prompt engagement in remediation efforts, reinforced by continued security assessments, to ensure consistent and ongoing monitoring of security risk and security posture.
  • A fully developed cyber resilience roadmap that addresses all the issues uncovered as well as the strategic business objectives, and that is then implemented.

 
3. Why Staff Cyber Awareness Training Is Critical to Building Cyber Resilience
 
Most companies realise that their staff are their greatest asset, but (in a cyber context) may also be their greatest liability. This is because up to 90% of all cyber-attacks have an element of social engineering associated with the attack. By understanding the sophistication of social engineering and how hackers can manipulate staff through incredibly sophisticated and well-orchestrated human attacks, your company can embark on a defined and measured process of continuing cyber awareness education.
 
Our three-part series has illustrated that cybersecurity will only increase in importance in the coming years, as indicated by the increasing number of cybersecurity incidents. This increase is driven, among other things, by the rate of digitisation of our society and the increased focus on data privacy. Since a cyber incident can cause considerable damage (both tangible and intangible), it is important that adequate security measures are in place for your organisation's key assets. Unfortunately, in many organisations these insights come too late, and action is only taken after a cyber incident has occurred – refer here for part one.
 
We have covered the typical cybersecurity incidents that your organisation faces daily in our second article – refer here for part two.
 
Cybersecurity is a complex topic, requiring many factors to be considered and many measures to be taken. This is the main reason why so many organisations are reluctant to take decisive action.
 
Perfect security does not exist, and even after making considerable investments in cybersecurity, cyber incidents can still affect your organisation.
 
It is important to apply the above approach and to focus on practical, tried, and tested measures to reduce your cybersecurity risk and increase your peace of mind. Work with cybersecurity professionals and ensure that the whole company, and not just the IT team, buys into and understands the risks associated with cyber-attacks.
 