Twenty years ago, security in IT broadly only consisted of firewalls, antivirus, passwords and development patches. Hackers and data thieves soon found ways of attacking these simple devices to gain access to sensitive organisational data.
As a result, security providers and vendors have invested in the development and production of more advanced technologies in order to defend business networks. Many different security products are now available in the defence against cyber criminals such as anti-virus, spyware detection and threat detection software to name just a few.
So, what’s next?
This is the question constantly being asked, along with what will be the next big thing in cyber security? and what will people be talking about in the next year or so?
The answer broadly lies with the cyber attackers. For each method of attacking organisational networks they develop, the vendors will be developing their products and security solutions accordingly, in order to prevent the attacks.
Change is coming
Rather than taking a traditional reactive response to cyber threats, vendors are becoming proactive by developing software to deal with known activity. Having investigated the way in which attackers operate, vendors are introducing this methodology to remove the initiative from the attacker. Realising attackers collaborate between themselves, vendors have now moved into sharing information, such as knowledge and tools, between themselves which in turn decreases the response time to threats.
With this sharing of information, vendors can now look to the future one step ahead of the cyber criminals and by using a more proactive, defensive approach will be better prepared to foresee potential attacks. By adhering to the GCHQ code of conduct guidelines along ISO 27001/2 and by following known practices and a number of elementary processes, businesses can eliminate some of the lower risks.
With cyber criminals constantly developing new threats, it is imperative that organisations keep their cyber security active and up to date.
Businesses should start with basic security best practice, looking at access control as well as applications within the organisation, ensuring these are forced to update and patched as deemed appropriate for your business.
I would welcome your questions on best practice procedures. Please feel free to contact me at [email protected]