Cyber security has never been more critical for organisations, especially now, where threats constantly evolve. At the Data Protection Practitioners’ Conference 2024 (DPPC24), there was more than one session on cyber security, emphasising a powerful reality: cyber incidents are inevitable. It’s not a question of “if” but “when” an incident will occur. This isn’t meant to alarm but underscores the importance of preparation. With the right strategies, organisations can significantly mitigate the damage caused by these incidents and recover faster.

This article will explore key insights from the DPPC24 session and cover practical steps to enhance cyber resilience, from setting up robust incident response plans to implementing simple but effective tools like multi-factor authentication.

Cyber Security in the Spotlight at DPPC24

One of the standout sessions at DPPC24 was titled “Availability – the Forgotten Corner,” led by cybersecurity experts who focused on the often-overlooked components of data availability and system resilience. This session shed light on how every organisation, regardless of size, is a potential target for cyber attacks. Many businesses, particularly small and medium-sized enterprises (SMEs), often assume they’re not significant enough to be targeted, but in reality, attackers frequently employ broad, untargeted tactics that can impact anyone.

The speakers reminded attendees that preparation for cyber incidents should involve everyone within an organisation, from IT professionals to everyday users who access the system. By fostering a proactive approach and building a culture of cyber resilience, organisations can better withstand the impact of an incident.

Essential Cyber Security Strategies from DPPC24

The DPPC24 sessions on cyber security provided a range of actionable insights. Here are some of the top strategies shared by the experts, which any organisation can start implementing and that don’t cost a fortune:

1. Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is one of the simplest yet most effective ways to prevent unauthorised access. Traditional passwords can be relatively easy for attackers to crack, especially if employees reuse or choose weak ones. MFA adds a layer of security by requiring users to verify their identity through a second method, such as a text message or authentication app. This makes it significantly more challenging for hackers to breach accounts, even if they manage to obtain passwords. Organisations starting with MFA should consider prioritising high-risk systems and sensitive data first.

2. Vulnerability Management and Patching

Cybercriminals often exploit known vulnerabilities in outdated software to gain access to systems. This makes regular vulnerability scanning and timely patching essential practices for any organisation. During the session, the presenters emphasised that patch management doesn’t need to be complex or costly. Organisations can close common security gaps by scheduling regular updates and automating vulnerability scans before attackers can exploit them. A robust patch management policy can help ensure that all software remains up-to-date and secure.

3. Password Policies

It may sound logical and obvious, but the more complex the password, the more difficult it is to crack. The NCSC advises using random phrases or three random words, which naturally give a long password with a mix of upper- and lower-case letters, numbers and special characters. Where possible, use computer-generated passwords and a password manager.

4. Data Backup and Recovery Plans

Ransomware attacks and data breaches can lead to significant data loss, making a robust backup and recovery plan critical for continuity. Data backups should be kept separate from primary systems, ideally in a secure, encrypted format, so that they are accessible even in the event of a system-wide attack. DPPC24 speakers recommended testing recovery plans periodically to ensure they function as intended. During a crisis, a well-executed recovery plan can minimise downtime and reduce the long-term impact on the business. Organisations should also decide on a minimum viable data set they need to resume operations quickly.

5. Incident Response Plan

Having a documented and well-practised incident response plan is essential for any organisation. This plan should outline containment, eradication, and recovery steps and designate specific roles for team members to avoid confusion during an incident. The DPPC24 speakers highlighted the importance of practising incident response plans through simulated exercises, such as tabletop exercises, to ensure everyone knows their role when an incident happens. By doing so, organisations can identify and address potential gaps in their response plan before a crisis occurs.

Why Preparation is Essential

A powerful message from the DPPC24 session could be: “The time to repair the roof is when the sun is shining.” In other words, the best time to prepare for a cyber incident is before it happens. Waiting until an incident occurs can lead to rushed, inefficient responses that increase the likelihood of more significant damage. By investing in preventative measures and training, organisations can reduce the risk of an incident and respond more effectively when one occurs.

One emerging trend mentioned was “double extortion” ransomware attacks, where attackers exfiltrate data before encrypting it, using the threat of public exposure to coerce organisations into paying the ransom. Such sophisticated tactics highlight the importance of a well-rounded incident response plan that addresses containment and communication strategies.

Next Steps for Organisations

If your organisation hasn’t yet developed a comprehensive cyber incident response plan, consider this your call to action. Here are some immediate steps you can take based on insights from DPPC24:

  • Implement MFA across all critical accounts and systems.
  • Schedule regular vulnerability scans and patch updates to ensure all software is current.
  • Set up monitoring and alerting systems to catch suspicious activity early.
  • Establish a data backup and recovery plan that includes regular testing.
  • Create and rehearse an incident response plan to prepare your team for the inevitable.

These proactive measures can go a long way in building a culture of resilience and readiness. Remember, a well-prepared organisation is better equipped to handle a cyber incident effectively, protecting its data and reputation.

Stay Tuned for More DPPC24 Insights

This blog is part of our DPPC24 series, where we share key insights from the Data Protection Practitioners’ Conference 2024. In our next post, we’ll discuss the importance of meaningful consent in data privacy practices and explore ways organisations can more effectively engage individuals in their data protection journey.
