With the current discussion of budgets – what is your company’s security budget shaping up to invest in or leave out? The UK and US government are heavily investing in Cyber Warriors

[1] who will defend against cyber-attacks. The UK government put aside £650m to spend before 2015 on the Cyber Security Programme and to resist cyber-attacks that cost the UK between £18bn and £27bn a year.[2] 47% of companies have a bigger security budget this year, compared to 8% who plan to have less.[3]

The question is do you invest and have lower business continuity and disaster recovery bills, or do you take the chance and hope you aren’t hit?

“There are two types of companies; those that know they’ve know they’ve been hacked and those that don’t”[4]

There is a wide range of software protection that will provide the barrier, the moat and drawbridge around your information, however for it to be of any use to you, your organisation needs to use it. The Natanz Nuclear Enrichment Plant was brought down by Stuxnet[5] the virus which was spread by an individual and an infected USB stick. APT1, unit 61398[6] of the Chinese government, successfully gained access to company information by launching targeted spear phishing attacks on individuals inside the organisation.Unknowingly the individuals downloaded malicious malware which allowed the Chinese to create backdoors to steal information.

The Internet and technology create a wide attack surface for criminals; mobile technology, wireless access, hotspots, cloud capabilities, social media, BYOD[7] and working from home. Social media gives criminals a goldmine of information which they harvest to target individuals and businesses, and this allows them to identify prime victims to target with phishing attacks. Criminals are using tactics like waterholing[8] and sophisticated phishing campaigns, which are successful because individuals are not aware of the problem. It only takes 2% of individuals to click on the link for the criminals to reap the benefits. To combat leaking of information, individuals need to understand the threat, and know how to spot the signs of a potential attack.

Ultimately, the money which goes towards protecting the perimeter (systems/networks) of your organisation could be undermined by an employee who does not know better than:

  •  to send work home
  •  to click on a phishing email that looks to come from their boss
  •  use an infected USB stick



If your organisation would benefit from cyber security training get in touch at enquiries@templarexecs.com

[1] http://news.softpedia.com/news/60-of-Americans-Support-Government-s-Spending-on-Cyber-Warriors-Survey-Shows-329991.shtml

The Strategic Defence and Security Strategy –http://www.direct.gov.uk/prod_consum_dg/groups/dg_digitalassets/@dg/@en/documents/digitalasset/dg_191634.pdf

[2] Richard Clark http://www.theinformationdaily.com/2013/02/25/uks-cyber-security-strategy-delivering-early-benefits-say-nao

[3] http://www.darkreading.com/security-monitoring/167901086/security/security-management/240010635/it-security-spending-to-grow-even-more-in-2013-study-says.html

[4] http://www.webpronews.com/china-has-hacked-every-u-s-major-company-claims-richard-clarke-2012-03

[5] Stuxnet worm – http://www.bbc.co.uk/news/technology-11388018

[6] Mandiant Report – http://www.bbc.co.uk/news/world-asia-china-21502088

[7] Bring your own device – individuals taking personal devices to work is creating security issues

[8] Waterholing – planting malware at sites deemed most likely to be visited by the targets of interest