Lessons to be learned
- It is important for the business to understand the nature of the threat against the business and the impact of a breach on production, finances, intellectual property and reputation;
- Organisations need to be able to continually monitor their networks and have the ability to detect and mitigate intrusions as quickly as possible;
- Security policies and procedures need to be updated regularly and enforced to help information security keep pace with the constantly evolving threat landscape;
- Malware is increasingly customised and targeted. This means organisations need to be prepared for unknown attacks. But that does not mean all other attacks go away. Basic IT security remains vital;
- Human beings are often the weakest link. Consequently, an extremely high proportion of attacks involve a social engineering element. Security awareness training is therefore indispensable;
- Attackers may be using customised attacks, but operating methods typically remain the same. Though intelligence sharing, businesses can continually update their defence strategies.