skip to main content
Cyber

10 common gaps in cyber security

09/2019
hand typing on laptop blue filter

As the number of cyber attacks increase steadily, businesses must step up their defenses to protect one of their most valuable assets – data. In order to do so, they need to know where their weaknesses are, before implementing measures to plug those gaps.

During the webinar, Tales from the Dark Web, Paul Jackson from Kroll highlighted the 10 gaps in cyber security that organisations face.

 

  1. Unpreparedness

    With the increase in frequency and complexity of cyber incidents in the region and worldwide, organisations cannot afford to be unprepared anymore. Organisations must test their defenses before a breach occurs, and be ready to respond when required. Failing to expect and respond to breaches will come at a high cost as organisations struggle to resume business.

  2. Unknown threats

    To be prepared, organisations must know what the threats are. Knowing the enemy and assets available is key. Beside keeping abreast of the latest developments, organisations can also get intel from the Dark Web to know where their threats are.

  3. Is it too late?

    Attackers may have infiltrated an organisation’s network and are just waiting for the right opportunity to strike. It is recommended that organisations conduct active threat hunting to intercept these attempts, and stop attacks before they happen. Active threat hunting can be done if proper monitoring systems are in place, or via searches on the Dark Web to identify any weak links or exploited areas within the organisation.

  4. Lack of monitoring

    In order to ensure that threats are identified early on, organisations have to ensure that they have the right monitoring solutions in place. Anomalous behavior on the network and endpoints must be flagged at the onset to minimise the organisation’s vulnerability to attacks or fraud.

  5. Open to fraud

    Where processes involve human contact, they will be vulnerable to fraud and misuse. Without proper monitoring in place, these business processes may be compromised.

  6. Mobile / home / travel security

    In the modern organisations, employees commonly work on the go, or out of the office. This means that any form of cyber security implemented in the organisation must be extended beyond the perimeters of the office. Mobile devices and laptops must be secured and employees have to be made aware of the risks and response plans.

  7. Third party / vendor risks

    Beyond the organisations’ systems and employees, it is also vital to ensure that the third parties and vendors you work with have robust cyber security measures and policies in place. Organisations should put in place a regular and structured method to review and assess the security levels of these external parties to ensure that attackers are not able to exploit these loopholes to access the organisation’s network.

  8. Incident handling

    When incidents do occur, organisations must ensure that they manage the crisis properly. A detailed crisis response plan should be in place, and well-rehearsed during “peaceful times” to ensure that everyone is aware of their roles and responsibilities. Mishandling of incidents can result in much higher costs and reputational damage, from which it may be challenging to recover.

  9. Internet of things (IoT)

    With increased connectivity across devices and systems via IoT, a once isolated attack is a much more serious issue these days. Attackers may be able to find ways to enter a particular system through another “door” which may be easier to access. This is tough to monitor, and disconnecting devices and systems is not even an option as the world continues to evolve.

  10. People risk

    Employees can be an organisation’s weakest link, but also its greatest defense. A malicious staff may sell confidential information, or even allow attackers entry into the organisation’s network. An ignorant employee may even unknowingly leave an “open door” for attackers. However, an employee who is aware of the risks and educated about signs to look out for in a breach, is an organisation’s first line of defense. Ensure that employees are familiar with the risks and responses.

     

“Prevention is better than cure” is an apt saying here. All organisations, big and small, should be prepared for cyber breaches. Being able to identify and stop these attacks before they happen will save organisations from incurring substantial costs, and irreparable reputation damage. If an incident does occur, Chubb’s Insureds can be assured of a swift and professional response plan that is part of the Cyber ERM policy. 

Read more about Chubb’s pre-loss services and incident response platform to find out more.

 

Watch

Tales from the Dark Web

Learn how criminals use the dark web, the myriad exposures it creates and why it’s important for organisations of all sizes to understand this digital underworld.

No part of this article may be reproduced in any written, electronic, recording, or printed form without written permission of Chubb.

Disclaimer - The content of the above article is not intended to constitute professional advice. Although all content is believed to be accurate, Chubb Insurance Singapore Limited (Chubb) makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content of this article. Users relying on any content do so at their own risk.

Contact Me
Contact Me

Have a question or need more information?

Leave your contact details and our representatives will get in touch with you.