Security Operations Centre SOC

As your business becomes more digitally connected and reliant on technology for performance, the level and threat of cyberattack increases.

There are currently a number of types of cyber threat that you need to protect your business against.

Ransomware attacks: Ransomware is a type of malware that encrypts a business’s files, demanding payment in exchange for the decryption key. The ransom can vary in size but will usually be a significant cost that we would urge you not to pay as there is no guarantee that you will be decrypted or that you won’t be targeted again.

Protection against ransomware, can include the implementation of anti-malware software, keeping your systems up to date and backing up critical data regularly.

Malware attacks: These attacks involve infecting a company’s computers or network with malicious software that can steal data or disrupt operations.

Business email compromise (BEC) / Phishing and social engineering attacks: These attacks use fake emails, messages, or calls to trick employees into revealing sensitive information or downloading malware by ‘pretending’ to be a ‘legitimate’ source, an email from a trusted sender, as an example.

To protect against phishing attacks, businesses should introduce email filters and also train employees on how to identify and report suspicious emails.

Distributed Denial of Service (DDoS) attacks: A DDoS attack involves a threat actor overwhelming your business’s servers and network with traffic which makes it unavailable to users. To protect against DDoS attacks, businesses can implement traffic filters and use a content delivery network to distribute traffic.

Passwords: Password attacks include brute-force attacks, dictionary attacks, and other methods of cracking passwords to gain access to sensitive information. If passwords are too predictable or remain unchanged for long periods of time, they can be easily guessed or cracked, leaving easy access for hackers.

To protect against password attacks, businesses should insist on strong passwords, implement multi-factor authentication, and limit the number of login attempts.

Human error: Strategic or otherwise, human error threats come from within an organisation, from employees who suffer from lapses in concentration, are not trained properly or those who have access to sensitive information and abuse that access.

To protect against insider threats, businesses can limit access to sensitive data, monitor user activity, implement rigorous ongoing training and introduce policies to help minimise insider threats.

Third-party risks: Many organisations give system and network access to 3rd party suppliers or vendors who may not operate at the highest security level. Their vulnerability can make you exposed to the same cyberattack.

To manage this risk, establish clear policies and procedures for working with third-party vendors, including security requirements, data handling practices, and incident response protocols. You should also regularly monitor and review your vendors’ security practices and address any issues that arise.

Unsecured wireless networks: These can provide an easy access for cybercriminals to access your organisation’s network.

Lack of security updates and patches: If your organisation fails to install security updates or patches then your network will be exposed to known vulnerabilities.

Ensure that your security updates and patches are as up to date as possible.

SQL injection attacks: SQL injection attacks involve hackers using malicious code to exploit a vulnerability in a web application to gain access to a database, where they can amend, delete or steal sensitive data.

To protect against SQL injection attacks, businesses can use prepared statements and parameterised queries, limit user input, and regularly test all web applications for vulnerabilities.

Ultimately all data is sensitive, from customer data to financial information, everything is under constant threat from cyber criminals.

Here are some steps that your organisation can take to protect their sensitive data:

Identify and classify sensitive data: Identify the types of sensitive data that the business handles, where it is stored, and who has access to it. Classify the data based on its level of sensitivity and importance.

Implement access controls: Limit access to sensitive data only to select personnel. Implement strong password policies, multi-factor authentication, and other access controls to ensure that only authorised personnel can access the data.

Encrypt sensitive data: Use encryption to protect sensitive data when it is transmitted or stored – this offers protection for data even if it is intercepted or stolen.

Offer mandatory cyber training to all staff: Employees need to be made aware of how to identify and prevent cyber threats. It is important that everyone in your organisation understands the implications of a cyber breach and that it is everyone’s responsibility to remain vigilant and alert.

Use up-to-date software and hardware: Keep software and hardware up to date to ensure that they are protected against known vulnerabilities and threats.

Back up data regularly: Your organisation needs to have a process in place to ensure that data is backed up regularly to a secure location. This can increase the likelihood that data can be recovered in the event of a cyber-attack or system failure. (Your data should already be backed up to a secure location to protect against fire, theft and natural disaster.)

Monitor and detect cyber threats: Implement systems to monitor and detect cyber threats in real time. This can help identify and respond to threats before they cause significant damage.

Develop an incident response plan: It is important to have in place an incident response plan, outlining the key steps that the business must take in the event of a cyber-attack, including how to mitigate the damage, notify affected parties, and restore normal operations.

It is essential that your organisation commits to managing passwords consistently – here are some suggestions that you might consider:

1. Use long, complex passwords that include a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using common words or easily guessable information like birthdays, names, or addresses.
2. Implement multi-factor authentication: Multi-factor authentication means that users must provide two or more forms of identification to access an account, such as a password and email or text message.
3. Regularly update passwords: Ensure that all users regularly update their passwords and are not using the same password for long periods of time.
4. Limit access: Limit access to sensitive systems and data to only those who need it. Implement role-based access controls to ensure that users only have access to the systems and data they need to do their jobs.
5. Monitor and audit access: Monitor and audit access to systems and data to ensure that only authorized users are accessing them.
6. Use a password manager: Consider using a password manager to securely store and manage passwords for all accounts. This can help ensure that strong passwords are used and that they are regularly updated.
7. Offer training: Educate users on the importance of strong password management and access control, and train them on best practices for creating and managing passwords.

According to the UK Government, cyber-crime costs businesses in the UK £21B annually:

– £9.2B from IP theft
– £7.6B from industrial espionage
– £2.2B from extortion
– £1.3B from direct online theft
– £1B from theft or loss of customer data

Regardless of the size of your business, the costs of a cyberattack could be deadly.

Potential costs of a cyberattack on your business include:

Financial losses: Some of the obvious costs resulting from a cyberattack include the theft of funds or money paid out as a result of extortion. Other additional costs come from repairing the damage from the attack to your infrastructure and networks, notifying any affected 3rd parties (customers, suppliers, vendors…) and paying any compliance fees and penalties.

Business disruption: Could your business withstand 24 hours of disruption? A week or longer? Longer? In the short term, an attack can impact productivity and revenue and for more serious breaches, organisations might need to shut down temporarily until issues are resolved. Depending on the sector, some businesses will suffer more than others.

Legal and regulatory costs: Depending on the territory, the type of breach and the associated legal implications, your business may be subject to legal and regulatory action, resulting in fines, penalties, and legal fees.

Reputational damage: It’s hard to quantify but impossible to ignore the fact that a cyberattack will have an impact on an organisations’ reputation – a fact endorsed by the suggested high numbers of organisations who do not disclose cyberattacks. Reputational damage can result in the loss of customers, revenue and perhaps most importantly, trust.

Customers and suppliers expect businesses to have the ability to protect sensitive data – not doing so can have serious long-term implications for your business.

Cost of remediation: In cybercrime, prevention is the best cure. After an attack, your organisation will not only need to retrieve lost data but will need to future proof itself against further attacks which might include building in additional security attacks. Businesses may also need to implement additional cybersecurity measures and controls, all of which can be expensive.

Insurance premiums: Following cyberattacks, organisations are likely to see an increase in their insurance premiums, as they are seen as potentially ‘higher-risk’ by insurers.

The SOC is the ideal solution for businesses who want Enterprise-grade threat protection and incident response capabilities. The SOC analyses all data activity across your organisations’ networks, servers and databases, 24/7, giving you protection regardless of the source or attack type.

Training. It is suggested that almost 90% of all successful data breaches are as a result of human error. It is important that organisations, regardless of scale or size, train staff to help them understand the significance of cyber threats and to be vigilant for phishing emails and suspicious attachments see our staff cyber security awareness training information page here.

Antivirus software should be integrated into your infrastructure but it is important to acknowledge the imperfections of antivirus against unknown threats.

It is essential that you regularly update your systems and software. Older servers can be more susceptible to cyberattack. More often than not, businesses might decide to hold off on replacing servers or upgrading software. Our advice is to weigh up the cost of upgrading against the cost of business disruption, financial loss and reputational damage.

A vulnerability assessment is a pre-emptive measure that involves using a number of tools and techniques to identify potential vulnerabilities across a network. These include network scanners, penetration testing, and vulnerability scanning software. Any vulnerabilities are then logged and ranked and can be dealt with in order of severity.

As cyberattacks become more frequent and sophisticated it is important for organisations to regularly review logs of system and network activity. This allows you to identify any unusual activity or unauthorised access before any significant damage is done.

It is our recommendation that all businesses should prepare to be attacked and take the pre-emptive measures of having an incident response plan outlining how your business should respond to a cyberattack, including steps to mitigate the damage, notify affected parties, and restore normal operations.

As part of the LoughTec security service, we assist our customers in incident response planning, guiding them on damage mitigation, data retrieval and helping them resume normality as soon as possible.

 

As a small business, there are several best practices for securing your hardware and software systems in relation to cybersecurity:

Use strong passwords: Use strong, unique passwords for all of your systems and applications, and avoid using default or easily guessable passwords. Consider using a password manager to help you create and manage strong passwords.

Implement multi-factor authentication: Use multi-factor authentication (MFA) to add an extra layer of security to your login process. MFA requires users to provide additional authentication factors, such as a fingerprint or a one-time code, in addition to a password.

Keep software up to date: Keep your software and operating systems up to date with the latest security patches and updates to address vulnerabilities and reduce the risk of exploitation by attackers.

Use firewalls and antivirus software: Use firewalls and antivirus software to protect your systems against external threats and malware.

Limit access to sensitive data: Limit access to sensitive data and systems to authorized users only, and use access controls such as role-based access control and permissions.

Regularly back up data: Regularly back up critical data to protect against data loss and ensure that systems can be restored quickly in the event of a cyber-attack.

Monitor network activity: Monitor network activity to detect suspicious activity and potential threats, using tools such as intrusion detection and prevention systems.

Provide security awareness training: Provide security awareness training to employees to help them recognize potential threats and understand best practices for keeping systems and data secure.

Third-party vendors can pose significant cyber risks to small businesses. This is because they may have access to your business’s sensitive data, systems, and networks, but may not have the same level of security controls and practices in place as your business.

Here are some risks associated with third-party vendors and ways to manage those risks in relation to cybersecurity:

Data breaches: Third-party vendors can be a source of data breaches if they do not have adequate security measures in place. This can result in the loss of sensitive data, which can be damaging to your business and its customers.

To manage this risk, you should conduct due diligence on potential vendors before engaging with them, and require them to provide evidence of their security controls and practices. You should also include data security requirements in your vendor contracts and ensure that vendors comply with your security standards.

Malware infections: Third-party vendors may introduce malware into your systems and networks through their products or services, which can compromise your business’s security.

To manage this risk, you should conduct regular security assessments of your vendors, including vulnerability scans and penetration testing. You should also require that vendors keep their software and systems up to date with the latest security patches and updates.

Lack of control: Third-party vendors may operate outside of your business’s control, making it difficult to manage their security practices and mitigate risks.

To manage this risk, you should establish clear policies and procedures for working with third-party vendors, including security requirements, data handling practices, and incident response protocols. You should also regularly monitor and review your vendors’ security practices and address any issues that arise.

Supply chain attacks: Third-party vendors may be targeted by attackers as a way to gain access to your business’s systems and networks.

To manage this risk, you should implement a vendor risk management program that includes regular risk assessments and security reviews. You should also require that vendors implement security controls such as encryption, firewalls, and access controls.

By managing the risks associated with third-party vendors, you can help to protect your business’s systems and data from cyber threats. It’s important to regularly review and update your vendor risk management program as new threats and risks emerge.

 

Phishing (and spear phishing) are also known as social engineering attacks that rely on psychological manipulation to trick individuals into divulging sensitive information or performing unauthorized actions.

Here are some ways a small business can prevent and respond to social engineering attacks:

Prevention:

Training: Train your employees on how to identify and avoid phishing emails and other social engineering attacks. They should be able to identify the common signs of a phishing email, such as suspicious links or attachments, a sense of urgency or fear, and requests for personal information.

Use Anti-Phishing Tools: Use anti-phishing tools such as spam filters, antivirus software, and firewalls to help detect and block phishing emails.

Enable Multi-Factor Authentication (MFA): Implement multi-factor authentication for all your critical systems and applications, such as email accounts, customer portals, and financial accounts.

Keep Software Up-to-Date: Keep your software and operating systems up to date with the latest security patches and updates to address vulnerabilities and reduce the risk of exploitation by attackers.

Use Strong Passwords: Use strong, unique passwords for all of your systems and applications and avoid using default or easily guessable passwords.

Response:

Isolate Infected Systems: If an employee falls for a phishing attack and clicks on a malicious link or downloads a malicious attachment, isolate the infected system immediately to prevent the spread of the malware.

Notify Relevant Parties: Notify relevant parties, such as your IT team, incident response team, and affected customers, of the attack and provide details of what happened and what actions you are taking.

Change Credentials: Change the passwords for all affected systems and applications, and revoke any access tokens or session cookies that may have been stolen.

Investigate the Attack: Investigate the attack to determine how it occurred and what information was compromised. This can help you identify the root cause of the attack and take steps to prevent similar attacks in the future.

The COVID-19 pandemic has forced many small businesses to adopt remote work policies. While remote work can offer benefits such as increased flexibility and reduced costs, it also comes with some risks to cybersecurity. Here are some of the risks associated with remote work and ways to secure your remote workforce:

Risks:

Insecure Remote Access: Remote workers often access company data and applications from outside the company’s secure network, which can expose them to risks such as man-in-the-middle attacks and unauthorized access.

Phishing and Social Engineering Attacks: Remote workers are often more vulnerable to phishing and social engineering attacks due to their increased reliance on email and messaging platforms.

Unsecured Home Networks: Remote workers often use their own personal devices and home networks, which may not have the same security measures as the company’s network.

Lack of Visibility: Managers may find it more difficult to monitor and manage their remote workforce, which can make it harder to identify and respond to security incidents.

Ways to Secure Your Remote Workforce:

Use a Virtual Private Network (VPN): A VPN can help to secure remote access by encrypting data and routing it through a secure connection. (The LoughTec WFH solution is used by colleges, businesses and organisations throughout Ireland.)

Provide Secure Devices: Provide remote workers with secure company-owned devices that have the necessary security software and policies in place.

Implement Multi-Factor Authentication (MFA): MFA can help to reduce the risk of unauthorized access to company systems and applications by requiring an additional authentication factor beyond a password.

Use Cloud-Based Security: Cloud-based security solutions can help to protect remote workers from phishing and other social engineering attacks.

Train Employees on Cybersecurity: Educate your employees on cybersecurity best practices and the risks associated with remote work. This can include training on how to identify and respond to security incidents and how to secure their home networks.

Monitor and Manage Devices: Implement policies and procedures for managing and monitoring remote devices to ensure that they are up-to-date, secure, and in compliance with company policies.

 

A disaster recovery plan (DRP) is a vital component of a small business’s overall business continuity strategy. The DRP should outline the procedures that the business will take to recover from a significant disruption to normal operations, such as a cyber-attack, natural disaster, or other unexpected event. Here are some key components of a disaster recovery plan for a small business:

Identify critical assets: The first step in developing a DRP is to identify the business’s critical assets, including data, applications, and systems. This will help the business prioritize its recovery efforts and ensure that the most important assets are restored first.

Define recovery objectives: The DRP should define the business’s recovery objectives, including recovery time objectives (RTOs) and recovery point objectives (RPOs). RTOs define the maximum amount of time that the business can afford to be without access to its critical assets, while RPOs define the maximum amount of data loss that the business can tolerate.

Establish recovery procedures: The DRP should establish procedures for recovering from a disruption to normal operations. This may include procedures for restoring data from backups, recovering applications and systems, and restoring physical infrastructure.

Define roles and responsibilities: The DRP should define the roles and responsibilities of key personnel, including the disaster recovery team, IT staff, and other stakeholders.

Test the plan: The DRP should be tested regularly to ensure that it is effective and that all personnel know their roles and responsibilities. Testing can be done through simulations, tabletop exercises, or other methods.

Update the plan: The DRP should be updated regularly to reflect changes in the business’s critical assets, IT infrastructure, or other relevant factors.

Establish communication procedures: The DRP should establish procedures for communicating with employees, customers, suppliers, and other stakeholders in the event of a significant disruption to normal operations.

 

Cloud-based backups: Many cloud-based services offer automatic backups of data, which can be accessed from any location. This option provides ease of use and accessibility while also offering some degree of data redundancy.

On-site backups: On-site backups involve copying data to physical media, such as hard drives or tape, and storing them on-site. This option offers more control and customization but may be subject to physical damage and theft.

Off-site backups: Off-site backups involve copying data to physical media and storing them off-site, such as in a different location or with a third-party vendor. This option provides additional protection against physical damage or theft but may be subject to bandwidth limitations or other restrictions.

Hybrid backups: A hybrid backup approach combines on-site and off-site backups, offering both the control of on-site backups and the redundancy of off-site backups.

 

Accessibility: With cloud-based backup solutions, businesses can access their data from anywhere with an internet connection, which makes it easy to work remotely or from different locations.

Scalability: Cloud storage allows small businesses to scale their storage needs up or down as their business needs change, without having to invest in additional hardware.

Redundancy: Cloud-based backup solutions often offer redundancy and data replication across multiple servers and locations, which increases the reliability and availability of data.

Security: Cloud-based backup solutions often have multiple layers of security, including encryption and authentication, which can help protect data from unauthorized access.

Cost-effective: Cloud-based backup solutions can be more cost-effective for small businesses as they eliminate the need for expensive hardware, software licenses, and IT personnel to maintain the backup system.

On the other hand, onsite backups also have their advantages. They offer greater control and customisation, and businesses can store their data on their own servers or hard drives. Additionally, onsite backups are not subject to internet bandwidth limitations and can be faster to restore in the event of a data loss.