The NCSC have released their Phishing Guidance – Defend your organisation
The National Cyber Security Centre (NCSC) is a part of GCHQ, working to increase cyber security standards across the UK. Regularly offering advice on its website, the NCSC has recently released its guidance on how to defend your organisation against phishing attacks.
Cyber security has cost the UK an estimated £26 billion, with phishing being the most common type of attack, affecting more than 1 million businesses last year. It is a type of social engineering, where cyber attackers rely on users making mistakes such as clicking a bad link or disclosing information. Whilst phishing can be conducted via many channels, such as text messages and phone calls, most people consider phishing attacks to be orchestrated via email.
Phishing is a popular choice among cyber-criminals for many reasons:
- It is an easy method for targeting a lot of people, with many recipients unknowingly forwarding the phishing email to colleagues and friends
- There are many phishing tools available online for little cost, enabling novice hackers to perform phishing attacks
- It can be used alongside ransomware and malware, relying on human errors rather than system vulnerabilities
Typical defences include cyber security training and awareness for employees. However, in its latest guidance, the NCSC has highlighted that whilst awareness is important, there are limitations and drawbacks when training is relied upon as the sole defence mechanism. Instead, the guidance suggests that organisations implement a multi-layered approach to cyber security. The four layers are:
- Make it difficult for attackers to reach users
- Help users to identify and report suspected phishing emails
- Protect the organisation from the effects of undetected phishing emails
- Respond quickly to incidents
To view the full guidance document, click here.
This follows further guidance for SMEs that was released by the NCSC in October 2017. This advice includes backing up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks. For more information about this wider 5 steps program, click here.
Eventura work with customers to implement comprehensive cyber security plans, which adopt a multi-layer approach and are tailored to individual business needs. If you are concerned about cyber security and would like to have a friendly chat with our professional team, simply contact us by clicking here.