OUR GREAT MINDS

    by Tina Olivero

    Is your company safe from the Hacker?

    Knowledge is power

    With three billion users around the globe hooked up, tapped in and communicating, there is an unprecedented power fuelling the world. Knowledge power.

    This information age is far more lucrative to our existence than any natural resource because it is the possibility of a new realm of resources that fit more adequately with our evolution into a globalized world. The information age is limitless, it is infinite, it is expansive, and it is exponential.

    The internet world has revolutionized how most of us live and work. We have access to a global economy that delivers economic growth, increasing national and corporate collaboration, building on creativity and innovation, and creating an entirely new sector of resource potential and jobs.

    Risk does not equal reward

    But with all great revolutions, comes great risk as well. Cyberspace presents a risk to our information functionality, processing, security, financial success, overall capabilities, and market penetration.

    Like all game changing disciplines, our goal is to navigate between the integration and capitalization of the information asset and protect ourselves from threats simultaneously.

    Cyber security is not an IT issue

    Contrary to mainstream belief, cyber security is not an IT issue. It’s an operational risk management consideration that requires strategy, planning, and upfront effective analysis.

    Mitigating cyber corporate decision-making and performance will be improved through the high visibility of risk exposure within the business or organization.

    The cyber security risk impacts share value, mergers, pricing, reputation, culture, staff, information, process control, brand, technology, and finance. Your job is to know “in advance” what those threats may look like and offer assurances against them.

    Cyber security strategic planning ensures a reduction of losses and can drastically improve the “value for money” proposition. Cyber risk mitigation means that companies are prepared for most eventualities, being assured of adequate contingency plans and solution-oriented objectives, long before anything goes wrong.

    The key questions you need to ask

    How confident are we that our company’s most important information is being properly managed and is safe from cyber threats?

    Are we clear that the leadership team and the Board are likely to be key targets for cyber threats?

    Do we have a full and accurate picture of the impact on our company’s reputation online?

    In other words, do you have a cyber-proof communications strategy that supports investor relations, share price, partnership, sales, and investment?

    If sensitive internal or customer information held by the company were to be lost or stolen what would the impact be?

    Do we know who may benefit from compromising your information and why? Do we receive regular intelligence on who may be targeting our company, their methods, and their motivations?

    Do we have a continuous learning and improvement model that changes as the internet grows and expands?

    Do we encourage our staff to learn from others and help identify emerging online threats that may affect their performance?

    Do we have a written information security policy in place? One that is supported by an ever evolving set of variables that consider the rapid rate of internet change?

    Are our people adequately trained to mitigate risk as they perform their jobs and meet goals and objectives?

    Checklist of solutions for reducing your exposure

    There are efficient and affordable ways to reduce your company exposure to the typical cyber attack on the Internet.  This checklist is culminated from the UK National Cyber Security Centre, through their corporate “Cyber Essentials” which is designed to keep companies safe.

    Boundary firewalls and internet gateways establish network perimeter defenses, mainly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the internet.

    Malware protection establishes and maintains malware defenses to detect and respond to known attack code.  Patch management, patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs, whitelisting and execution control, prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives.  Secure configuration restricts the functionality of every device, operating system, and application to the minimum needed for business to function.

    Password policy ensures that an appropriate password policy is in place and followed.  User access control – include limiting normal users’ execution permissions and enforcing the principle of least privilege.  If your organization is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls.

    Security monitoring, to identify any suspicious activity.  User training education and awareness whereby staff should understand their role in keeping your organization secure and report any unusual activity.  Security incident management – put plans in place to deal with an attack as an effective response will reduce the impact on your business.

    Source: www.ncsc.gov.uk/white-papers/ common-cyber-attacks-reducing-impact.

    “Cyber Essentials” for small and medium-sized companies

    The globe is standardizing cyber security as we speak. Efficiencies are developing to ensure that the very baseline of online risk is mitigated. A world leading cyber security program designed for corporations that want to enable and enhance operations is called Cyber Essentials.

    IASME is one of the four Cyber Essentials accreditation bodies appointed by the UK Government to ensure cyber security for SME’s. Together with the Certification Body companies, IASME can certify your business to the Cyber Essentials scheme required for many government tenders, resource contracts and success of general operations.

    North Atlantic Technical Resourcing; Cyber Security Accreditation in Canada

    Adopting the success of IASME in Canada, Newfoundland company, North Atlantic Technical Resourcing, more commonly known as NATR, is strategically positioned to support companies in a standardized practice of cyber security that follows the Cyber Essentials accreditation process for Canada. Now companies can use a self-assessment test that will put them in a far superior position for government and resource contracts.In partnership with IASME, NATR will protect organizations with two standards at both the self-assessment and audited levels.

    As well, NATR provides the necessary training, cyber solutions, and expertise required to exceed accreditation requirements.

    IASME Governance Standard complies with ISO27001

    The IASME Governance standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognized as the best cyber security standard for small companies by the UK Government when in consultation with trade associations and industry groups.

    The audited IASME certification is also recognized to comply with ISO27001 by an increasing number of companies.IASME is one of just four companies appointed as Accreditation Bodies for assessing and certifying against the Government’s Cyber Essentials Scheme in the UK.

    The Scheme focuses on the five most important technical security controls. These controls were identified by the UK government as those that, if they had been in place, would have stopped the majority of the successful cyber attacks over the last few years. Certification in both IASME and the Cyber Essentials will indicate a good level of all-round information security for companies and is, therefore, encouraged.

    Cyber Essentials Features

    Cyber Essentials consists of a self-assessed test designed to support companies with online vulnerabilities. For a review of this test see www.cyberstreetwise.com

    The assessor of the test has access to an appropriate and sufficient set of test files and a remote web page with links to downloadable test files, to test the implementation of the controls specified in the Framework.

    The organization being evaluated has or is prepared to, assert that the controls described in the Scheme Requirements document have been properly implemented. Only vulnerability analysis and verification rather than full penetration testing are required.

    What if you fail?

    Any organization that is awarded a “fail” status for ANY test within this specification document is deemed to have failed overall. Otherwise, a pass status should be awarded. Any action points or observations should be detailed in the final report delivered to the customer.

    NATR support

    Actionable items can be fixed with the support of the North Atlantic Technical team as well as training team members to be sufficient in the day-to-day operations and implementation of cyber security. As well, consulting and analysis supports SME’s in the initial set up and evaluation of operations, from a cyber security perspective. Last but not least, anything missing in the security chain that needs to be implemented will be supported by NATR in the cloud.

    NATR, in a strategic partnership with Alert Logic, has created a revolutionary “Security-as-a-Service” (SaaS) solution. Alert Logic is the market leader in SaaS, protecting more than 4,000 global customers with over a decade experience pioneering and refining cloud solutions that are secure and designed to work with hosting and cloud service providers.

    Fully managed by a team of experts in a new partnership with Canadian firm NATR, the Alert Logic solution provides immediate network, system and web application protection helping SME’s achieve minimum standards and a great security posture without the technical and financial headaches.

    Getting accredited

    In a changing world, risk mitigation is not a luxury; it’s an essential element of the information age. The online super highway can be our greatest asset or our greatest demise. Building a sustainable business foundation means creating a risk adverse, solution oriented cyber platform that ensures corporate security.

    For more information on Cyber Security Solutions with North Atlantic Technical, Contact:
    Gareth Owen – gareth.owen@northatlantictechnical.com

    Did you enjoy this article?

    Baker Hughes & GE

    OGM - Our Great Minds

    * = required field

    We respect your privacy and will never share your information with third parties.