The steadily growing number of DDoS attacks puts companies’ information security at risk all around the globe.
Organizations increasingly need their information systems to be backed by a management programme that includes authorized control of data access and continuity of operational systems in the event of a cyber attack. Contingency plans and risk analysis therefore contribute greatly to keeping any organization’s information assets secure.
Unfortunately, the number of information system breaches is going up every day. A quick look at the main cybersecurity incidents in the world, published by the Spanish National Cybersecurity Institute (INCIBE), is enough to put this into perspective. “The ranking reveals no sector is immune to cyberattacks.” We are definitely not immune, but we have policies, methods and tools at our disposal, specially designed to increase the security protecting the information we handle.
Last February 28th, the servers of the largest community of developers, GitHub, suffered the biggest DDoS attack in history. However, thanks to the implementation and use of appropriate policies and tools, the attack was mitigated in less than ten minutes.
This type of event reaffirms the need for appropriate security protocols, so that everyone knows what to do when systems are in the middle of a critical situation. These protocols cover not only the availability of the service, but also aspects related to branding and trust, as well as legal issues capable of driving companies to bankruptcy. Moreover, according to Sun Systems, “67% of organizations suffering from an attack for a period of time longer than two weeks are out of business in less than two years.”
Information Security Management System (ISMS)
Nobody wants to be out of business in two years, and this is where an ISMS comes in. It allows us to assess all types of risks and threats capable of putting an organization’s information at risk. The ISO 27001 standard is a key part of this process. It establishes the necessary steps for an ISMS to be made effective. These systems are based on the continuous improvement cycle, or Deming cycle, also known as the PDCA cycle (Plan-Do-Check-Act).
As a company, how do you protect yourself?
“What is not defined cannot be measured. What is not measured, cannot be improved. What is not improved, is always degraded.” Protecting a company requires several phases to be put into practice, all of them applied to a wide range of attack points. The solutions your organization may need range from employee awareness to network fortification, including 24/7 monitoring services and ISO 27001 processes. This is why a risk analysis is necessary in order to adapt the solutions at hand.
R3 CyberSecurity specializes in cybersecurity services and consulting. Your security, our commitment.
Carlos Moreno | Cybersecurity Consultant at R3 CyberSecurity