M15 warns of cyber-attacks – is your business prepared?

Add to: Digg Add to: Del.icio.us Add to: Facebook Add to: Furl Add to: Google Add to: Live Spaces Add to: MySpace Add to: StumbleUpon Add to: Twitter
Thursday July 5, 2012 at 7:11pm
It was reported recently that UK businesses are facing ‘astonishing’ levels of cyber-attack. In a speech, Jonathan Evans of intelligence agency MI5 warned that internet vulnerabilities are being exploited by criminals with the attacks representing a threat to the integrity of any information held by an organisation.

Companies are reporting higher numbers of attacks on their systems over the past three years and the vast majority of companies believe the number of cyber attacks will increase in the next few years. Worryingly perhaps most companies claim to be ‘very confident’ in their ability to deal with cyber attacks. Really?

With the warning from MI5 I’d suggest that businesses should evaluate their defences rather than wait to be attacked before acting. It is not sufficient in current times just to install a firewall and anti-virus software thinking your systems are protected. How do you know your network would stand up against a serious attack?

Whilst ISO27001 compliance might reassure you that you have systems and processes in place to keep data safe under ‘normal’ circumstances are you sure that your systems are robust enough to withstand a malicious attack, either from someone external to your organisation or from within? 

There are legitimate ways you can have your systems tested. Believe it or not there are ethical hackers out there who can test your systems for you.

The term ‘ethical hacker’ refers to security professionals who apply their hacking skills for defensive purposes. There are many different forms of security testing. Examples include vulnerability scanning, ethical hacking and penetration testing. Security testing can be conducted using one of two approaches: 

Black-box with no prior knowledge of the infrastructure to be tested 

White-box with a complete knowledge of the network infrastructure. 

Internal Testing is also known as Gray-box testing and this examines the extent of access by insiders within the network. 

With MI5 saying that it’s not “just our government secrets but also the safety and security of our infrastructure, intellectual property that underpins our future prosperity and...commercially sensitive information” that are at risk, business owners would be wise to consider the threats they face and the commercial implications of an attack. We can of course advise if needed. 

Marcus Allen
Parker Management Consultants

Comments on this post:

There aren't any comments for this post yet. Why not be the first to comment?

Share your experiences:

Your Name  
(to appear with your comment)
Email Address  
(will not be published)
Human Validation Check  
In the box below, please type the characters that you see in the picture. This helps us to ensure a real person (and not a crafty computer!) is submitting this form.

Enter the code shown to the left:

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT Contact us here