MT Expert's Ten Top Tips: Defending against cyber attack

We've heard plenty about the impact hackers (of the non-phone variety) can have on a company. So how do you prevent it?

by Malcolm Marshall
Last Updated: 19 Aug 2011

With Sony and even the CIA having fallen foul of hackers lately, we’re all aware of the danger posed by ever more sophisticated, determined hackers, driven less by monetary gain and more by political and ideological motives.

So how do you prevent hackers from taking down your website? We asked KPMG’s head of information security, Malcolm Marshall, for his advice.

1. Brace for war

Be prepared. Find out whether you are a target and assess your capacity to ‘catch’ threats before they materialise.

2. Prioritise

This new breed of hackers will persist until every potential vulnerability has been exposed. Don’t just defend your ‘crown jewel’ assets – areas perceived as low-risk often provide an easier route in for patient attackers. Stay alert and test for defensive weaknesses.

3. Know your enemy

Levels of determination have increased as motives have changed. These are more than one-off threats. This is prolonged warfare, and it requires a different mindset.

4. Strategise

Thoroughly review your current defence strategy and mechanisms. Assessing your vulnerability and existing security capabilities can highlight weaknesses in processes, systems and controls.

5. Learn from your victories and defeats

Organisations that succeed in avoiding security breaches are often highly focused on managing data security, and they learn lessons from their own, and others’, experiences in the field.

6. Bide your time

A rushed reaction can give the perpetrator more information about the organisation and its defences. Be wary of giving away vital information with an immediate response.

7. Call in support

Create a cross-organisational incident management plan involving all stakeholders and regulators, as well as HR, risk and communications. Escalate any data loss issue to the highest ranks of the business to secure executive-level support.

8. Remember: careless talk costs data

Educate your employees to avoid sharing confidential information on social networking pages and to be wary of unknown links or contacts.

9. Beware of hidden threats

The consumerisation of IT in the workplace can create a potential security ‘gap’, as sensitive documents and systems are accessed on unsecured devices. Install security software to protect against leaks and attacks, and train staff to understand the risks.

10. Take control

In the event of a breach, notify all customers, regulators and stakeholders early, and detail the action being taken. Ensure that investigation and crisis management capabilities are comprehensive, and that they are put into effect quickly to protect reputation as well as data.

- Image credit: José Goulão/Flickr
