Carbonsec – Cybersecurity Consultancy Services Company


Cybersecurity strategy for leaders

14. May, 2020 by Carbonsec Team

Cybersecurity has become a regular topic at board meetings

Cybersecurity in a corporate environment requires the highest level of support in the company. Last year, according to a study by the Ponemon Institute, the average damage caused by a cyber intrusion was just under $4 million. Damage on that scale doesn’t happen in a moment. The problem is that attackers can remain present and unnoticed in the corporate IT environment for two months or even longer. The average time to detect an attacker has fallen sharply in recent years, but according to the M-Trends report it is still 56 days. The greatest progress has been made in the EMEA region, most likely because of the GDPR, which forces companies to take better care of cybersecurity when it comes to personal data.

COVID-19 is an additional opportunity for cybercriminals

Quarantine has introduced a lot of chaos and a sharp increase in internet use, which creates ideal conditions for online scams, and the consequences are unfortunately already showing. In March 2020, Google recorded a 350% increase in the number of fraudulent websites that harvest usernames and passwords. The volume of phishing emails has also risen sharply: KnowBe4 recorded a 600% increase in COVID-19-related email attacks in Q1 2020. Let’s not forget that more than 90% of all intrusion attempts start with the delivery of malicious code via phishing. Phishing remains the number one attack vector.

To reduce the likelihood of a cyber intrusion that could damage your company’s reputation and jeopardize your business, we’ve put together some general strategy recommendations:

1. Establish a company-wide cybersecurity culture

Make sure all managers promote security policies and fully support all employees in strictly adhering to them. An education, awareness, and training program for all employees should help.

2. Hire a competent cybersecurity manager

The CISO should have sufficient resources and autonomy, and above all the trust of top management, to be able to establish and effectively manage a comprehensive security risk management program for the entire company.

3. Introduce a comprehensive cybersecurity assessment program that includes:

  • Phishing email campaigns
  • Testing email security mechanisms
  • Simulating real-world attacks on servers and workstations
  • Automated vulnerability management
  • Penetration testing of systems and applications

4. Encrypt all data-at-rest and communication channels

Data carriers such as USB sticks and hard drives are vaults for information, so they should be additionally protected. Communication channels should also be well protected, especially those that allow access to information from outside the organization.

5. Introduce privileged access management and two-factor authentication

Managing privileged user access is one of the most important weapons in the fight against hackers. The password is the ultimate key for the attacker, so it should be protected on multiple levels.

6. Introduce the Zero Trust model

Introducing the concept of complete distrust has nothing to do with trust in your employees. Through additional restrictions at the network level, it reduces the likelihood of unauthorized access to sensitive information that could be carried out by an attacker at later stages of a potential attack.

7. Establish a compact security incident response plan

A well-prepared plan to respond to a cyber intrusion will put you one step ahead of attackers. Test and adjust the plan regularly.

8. Establish a system for continuous monitoring and response to security incidents

There is no such thing as 100% security; an intrusion will happen eventually. If you are ready for it, it will be stopped in time and without major consequences. Monitor your environment with specialized security detection tools, trained personnel, and pre-arranged procedures.

9. Establish a system of regular management of security patches

Each new security patch provides a new idea and opportunity for attackers to get into your network, but only if you don’t install the patch. Applying software fixes in more complex environments is not a piece of cake, but that should not be an excuse for greater risk.

10. Ensure good resilience of all information and communication systems

Establish and regularly test a business continuity plan (BCP) and a disaster recovery plan (DR) along with an “off-line” backup system.
