Phaistos Cyber Security Awareness Programme
Be cyber secured out there - act now - Evaluate your system/data/third party
Since there is no control mechanism to track these attacks, another gambling-related cyber-assault situation will be in place until insurance risk necessarily results in a risk-and-damage assessment to reduce the loss of money.
Until recently, the person usually responsible for dealing with the situation after a cyber attack on a company was not a network security technician but a publicist.
This has to and will change!
All risk and damage assessments following a system/data breach should now be documented.
With regard to targeted attacks, Equifax lost the personal data of millions of users and associates, since the attackers were in its corporate systems for months without the company knowing it was under espionage/penetration, as well as the training of personnel files by cybercriminals. At Deloitte, they remained for about 6 months and downloaded files.
In 2017, more than 100,000 large-scale cyber-attacks on state and private machinery caused significant financial damage.
By 2021, a rapid evolution of losses amid cyber-attacks is expected, along with a rise in IoT and devices, which are also the major part of the third-party chain of connected devices/systems/
In a generalized cyber-attack, preparedness, especially in large businesses like Maersk, has no mitigating effect and therefore ignorance "kills"; in that particular attack, the damage from the 2 days when there were no terminals to allow the chain to continue its course was estimated at $300 million and affected the status of the company.
Every three to four days we hear of a shocking cyber-attack, and most of them are targeted. Before, we did not hear of them so often. Why? Has something changed? Let's say an insurance risk and therefore the cyber insurance policy?
Or have professional consistency and the fear of penalties started to be observed?
Cyberculture evolves or moves accordingly, consistent with the strategies of multinational technology & internet companies that supply generic cyber-security solutions to their parent machines or programs, in conjunction with the economic policies of the companies that are customers and in the third party, in this way giving cybercriminals space to develop new, resilient and usually successful infiltrations into mass cyber attacks through a pathway.
Individual / personalized targeted cyber attacks through long-term espionage have a tremendously high percentage of success in generating a disaster for the financial resources of a company.
The deadline for compliance with the GDPR is in 3 months. The advisory and legal part is very important for the preparation and enforcement of legislation, but it cannot prevail without the technical assessment and support of a 24/7 alert system to stop an attack and give all the necessary information within 72 hours. The action should be complete, and logic says that you cannot scramble an egg without breaking it; that is, you cannot be compliant by knowing what to do but not doing it.
The second deadline for the NIS Directive expires in about 3 years (by 2021).
Is a 3-year period enough for the European and the global community to change and comply with system/data evaluation, to evaluate vulnerability to cyber-attacks, or to reach staff readiness after training, sensitization and evaluation of the human factor?
In case the laws are not clear or will only be complied with in order for the mechanisms to evaluate the company for how many cyber-starters it will have as asset for stock or investment/loan reasons.
Unfortunately, cyber attacks specifically on the third party will happen in the blind and, as time passes, will grow rapidly and in most cases be targeted.
Check out our video: Phaistos Cyber Security Awareness Programme on YouTube at https://www.youtube.com/
CEO Phaistos CybSec