Security Risk Management is offering a free day’s consultancy in support of National Cyber Security Awareness Month.
October may, for many, be associated with the ghouls and ghosts of Halloween. But that is not all this month is about. It is also National Cyber Security Awareness Month. Like Halloween (in its current form) the NCSAM has its origins in the United States. Unlike Halloween, however, it focuses on keeping us safe from those who might wish to harm us.
In 2004 the US Department of Homeland Security and the National Cyber Security Alliance joined forces to create an initiative to educate and raise awareness of staying safe online. Its aim is to engage with and educate businesses, educational organisations and the public in how to build resilience and stay safe online. It is now recognised in the UK as an important way to remind everyone of the potential perils of cybercrime.
This year’s theme is ‘Our Shared Responsibility’ and this has relevance to the business community as well as the general public. Data breaches hit the headlines on a regular basis. Every time a company is exposed in this way it highlights the need for data security to be at the top of every board agenda. It cannot be the sole remit of the IT department or the Chief Information Security Officer (CISO). Its importance is so great that it ought to appear on board agendas every month, even if a sub-group then manages the implementation of compliance and security.
From phishing attacks which exploit human psychology to gain access to an individual’s log in and account details, to large scale Black Hat attacks by highly-organised cyber criminals, company-wide awareness is crucial to protection and defence. Increasingly, boards are becoming aware of their collective responsibility to provide additional resource and support for their information security teams. Outside expertise is an important aspect of this, particularly when it comes to testing a company’s defences.
Rather than waiting for a malicious attack from an unprincipled attacker, it is important to make use of the skills of experienced information security test teams. The very best include individuals with the Offensive Security Chartered Practitioner (OSCP) qualification. Unlike their counterparts with only theoretical knowledge of hacking, those with OSCP training have practical skills. Their rigorous training includes the requirement to be able to effectively hack a range of well-protected networks within a challenging timeframe. Through this process they get into the minds of the hackers themselves.
Those boards that are seen to be proactive will help to make their organisation less appealing to hackers. Those who have engaged with the best test teams will make the actual task of breaching security sufficiently difficult that hackers will look for easier prey. So let October be the month in which every board of every company in the UK prioritises data security and recognises its shared responsibility.
To win a free day’s consultancy, just leave your details on the Contact Us page. The prize includes:
- Development of the information security risk profile of your organisation delivered by an experienced Information Security Consultant;
- A prioritised roadmap to help you focus on the issues to fix now and suggested mitigation steps to help you manage key risks;
- Where your organisation ranks on the GDPR maturity scale and the next steps you should take to be prepared for May 2018;
- A scan of your website to uncover any significant security risks using our best of breed scanning tool;
- Preparation for Cyber Essentials and a discount on obtaining certification.
This prize is worth over £1000 and will provide you with comprehensive insight of your organisations Information Security risk profile.