Cyber Security should be taken seriously

4 signs you’re not taking cyber security seriously

Organisations of various sizes, operating in different sectors, commonly do not give cyber security enough importance and priority in their overarching strategy, day-to-day operations and planning. Some companies believe that having a firewall in place, together with a policy asking employees to change their system login credentials every 45 days, is enough to have peace of mind. In reality, a business which has never experienced a breach will not necessarily feel the need to invest in cyber security and awareness training.

Unethical hackers will exploit vulnerabilities or human errors to gain unauthorised access and subsequently get their hands on your most precious asset – your data!

Every organisation needs an ongoing plan in place to protect against cyber attacks which can result in thousands of euros in damage, or even put you out of business.

Below we touch upon a few elements that show that an organisation is not taking cyber security seriously.

No planning

Without proper planning it might be too late to protect against an attack or shield against sophisticated hacks. Management teams should focus on initially identifying risks and then on ongoing risk management, instead of relying solely on reactive risk mitigation. Always ask yourself the question: ‘Is your organisation prepared to defend and shield against a cyber attack?’ Plans need to set out the identified risks and a responsibility matrix covering all the resources involved in cyber security. Plans need to be dynamic and ongoing in nature, as new cyber threats emerge every single day.

No budget allocation

When a company does not allocate any budget to cyber security, it shows that the organisation does not understand the potential impact a cyber attack can have on its operations, reputation and finances. Budget slices devoted to cyber security should be included in the various departments organisation-wide, not only as an allocation in the annual IT budget. Marketing Management should allocate cyber security budgets towards their public-facing digital assets such as mobile applications (iOS and Android), the corporate website and client portals; the HR department should allocate a part of its budget to deliver cyber security awareness training to the workforce; Operations should ensure a chunk of their budget is focused on testing, hardening and continually monitoring business-critical systems against possible cyber threats.

No Standard Operating Procedures (SOPs)

The aim of an SOP is to offer guidance to a company’s workforce so that it adheres to a framework of best practices. If the list of SOPs contains no official procedure governing cyber security within your organisation, it shows that the company is not giving enough weight to cyber security. It will definitely be beneficial to the company and its employees to have a list of dos and don’ts and step-by-step guidelines for a number of possible occurrences. In addition, a number of company rules can be communicated via these standard operating procedures, such as the mandatory use of two-factor authentication, the blocking of certain spam-infested websites and the prevention of downloads and installation of pirated software.

No training

Some cyber attacks and exploits are a consequence of human error and a lack of awareness on the employees’ side. Education is of utmost importance. Employees need to understand what the repercussions could be (devastating to say the least!) and how to deal with situations such as the receipt of an email (which can be a phishing email!). When in doubt, employees should have an SOP at hand that guides them on which actions need to be taken. With remote working and bring-your-own-device trends setting in, both training and solid SOPs are key to safeguarding a business against cyber crime.

Around 90% of cyber crime begins with email!

Why should you take your cyber security seriously?

Cyber security instills peace of mind and helps organisations avoid possible operational, financial and PR disasters. Security breaches (including data breaches) cost organisations millions of euro each year and are the reason why a significant number of companies close down. When developing a cyber security strategy, ensure that it covers all aspects of the business and includes all of the following: data, back-office systems, infrastructure, websites, apps, and communication services.

Speak to us today to help you formulate a strategy and work on an ongoing basis alongside your different departments to assess your systems, pen-test them and provide you with a list of (potential) vulnerabilities and their respective recommended solutions. In addition, we can provide you with cyber awareness training to educate your employees and minimise the human error which black hat hackers are constantly looking to exploit.

    Francesco Mifsud

    I live and breathe cyber security and everything else in the discipline. With around a decade of experience in the industry I have had the opportunity to develop skills in penetration testing, cloud security, reverse engineering & exploit development, application security engineering, management and organisation-wide cyber security strategy. I hold a well-rounded set of security certifications such as OSCP, eWPTX and CISSP and have delivered training & workshops at some of the most prestigious hacking conferences such as DEF CON, BRU CON, BSides London and BSides Manchester.