Attacks becoming increasingly sophisticated
Corrupt links are often found in phishing emails. These may appear to be genuine messages in terms of the language and graphics used. They may appear to originate from your bank, a supplier or your manager.
“The best protection against this threat is regular micro training, such as reminders and status updates to keep employees aware of the risks.”
Micro training can be used, for example, to provide information about what to do when opening links, emails or shared documents and how to recognize when something is not genuine.
“Something that everyone needs to understand is that what is considered secure today will definitely not be in the future. Assessing security classifications for various kinds of data is a fundamental aspect of data-security work, and something that Sectra has considerable experience of.
“The question you need to ask yourself is what would happen if the wrong people were to access sensitive data and compromise it? Or if they were to prevent you from accessing it? What would the consequences be? For individuals, the organization and the country as a whole.”
The right level of security
For a company, sensitive information may include price lists or blueprints. For a public authority, however, it may include registers or maintaining round-the-clock services. All of this determines how, where and with whom data should be stored in order to ensure compliance with applicable legislation and maintain the right level of security.
“One example of processes that are difficult to assess is software build processes—who has done what and when. There have been cases where malicious entities have compromised well-established software developers and manipulated products to spread malicious software.”
