2 minute read 22 Aug 2018
close up person window

How to defend against common cyberattack methods

By

Paul van Kessel

EY Global Advisory Cybersecurity Leader

Boardroom cybersecurity discussion leader. Values simplicity in language. Enjoys sports and travel. Proud father of a daughter and a son.

2 minute read 22 Aug 2018
Related topics Advisory Risk Technology

Identifying and closing off vulnerabilities in your organization before they are exploited is crucial.

Organizations are likely to be confronted by a wave of attackers of varying levels of sophistication, and they can and must fight back.

Organizations should think in terms of closing the door to the most common types of attack. According to Greg Young, Research Vice President at Gartner: “Through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.”1

Through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.
Greg Young
Research Vice President at Gartner

Identifying and closing off these vulnerabilities in your organization before they are exploited is therefore crucial. Indeed with good cybersecurity hygiene in place — even if this is easier said than done — it should be possible to prevent a very sizeable proportion of common attacks.

For the next few years, patching known vulnerabilities and removing web server vulnerabilities could be the most impactful actions for boosting your cybersecurity.

Vulnerability identification

75%

Respondents who rate the maturity of their vulnerability identification as very low to moderate

Data protection policies

35%

Respondents who describe their data protection policies as ad hoc or nonexistent

Identity and access programs

38%

Respondents who have no identity and access program or have not formally agreed such a program

Breach detection program

12%

Respondents who have no breach detection program in place

For common cyberattack methods, point solutions remain a key element of cybersecurity resilience, with tools, including antivirus software, intruder detection systems (IDSs) and intruder protection systems (IPSs), consistent patch management and encryption technologies that protect the integrity of the data even if an attacker does gain access to it.

Employee awareness is also a crucial frontline defense, building cybersecurity consciousness and password discipline throughout the organization. As the respondents to this survey point out, careless employee behaviors represent a significant point of weakness for most organizations; addressing this weakness is vital.

The maturity of an organization’s cybersecurity approach will determine its effectiveness. In this year’s Global Information Security Surveyof all the cybersecurity management processes discussed, three areas correlated especially closely with the confidence of organizations in detecting a cyberattack: privacy, security monitoring and third-party management.

However, many organizations have serious concerns about the current maturity of their cybersecurity systems.

In order to defend against common threats, organizations need to make sure that the basics are in place. The basics consist of five strategic components:

  1. Talent-centric (cybersecurity is not the sole responsibility of the IT department; it is the responsibility of every employee and even of all the people in the eco system of the organization.)
  2. Strategic and innovative
  3. Risk focused
  4. Intelligent and agile
  5. Resilient and scalable

Summary

With good cybersecurity hygiene in place — even if this is easier said than done — it should be possible to prevent a very sizeable proportion of common attacks. 

About this article

By

Paul van Kessel

EY Global Advisory Cybersecurity Leader

Boardroom cybersecurity discussion leader. Values simplicity in language. Enjoys sports and travel. Proud father of a daughter and a son.

Related topics Advisory Risk Technology