Remote work options became essential for businesses during the COVID-19 period. During the same period, cyber-attacks escalated, preying on vulnerabilities in VPNs and cloud-based technologies.
ISO/IEC 27001 for Information Security Management Systems provides a holistic risk-based approach to protecting your business and your team against cyber-attacks.
Now Three Categories
Two to three years ago, most organisations that asked us to audit their cyber security systems were either looking to ensure the risk to their business was being effectively mitigated or were being asked by their customers to attain information security certification as a requirement for future contracts. Increasingly, a third category is now emerging – businesses that have been hacked and suffered data loss through malware or ransomware attacks, and want to prevent future attacks.
And these threats are growing – particularly in critical sectors. A recent research report showed that successful attacks involving industrial control systems increased by 44 percent, while breaches in the critical manufacturing sector rose by nearly 150 percent in the first half of 2020.
Remote Work, VPNs, and Cloud-Based Technologies
One of the key findings is that four of the most targeted vulnerabilities in 2020 involved remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options due to the COVID-19 pandemic challenging the ability of organisations to conduct rigorous patch management.
Multinational cyber security advisory groups recommend that organisations apply available patches for known vulnerabilities and implement a centralised patch management system.
Information Security
ISO/IEC 27001 for Information Security Management Systems, the internationally recognised standard for information security, provides a holistic, risk-based approach to identifying the range of attack vectors and risks that apply to an organisation, the range of controls that can be used to mitigate the risk, and their effectiveness. This enables targeted action to address vulnerabilities and gaps to reduce risk.
ISO/IEC 27001 is now one of the fastest-growing international standards, and the number of certified organisations in Australia has more than doubled in less than two years, with many more organisations in the process of working towards certification to the standard.
TQCSI Certification of ISO/IEC 27001
As your business becomes more and more 'digitally enabled', why not contact us for a chat or a free quote to discuss how certification to an internationally recognised standard in information security could help you reduce risk and win future business? Our experienced team have helped organisations of all sizes and types across Australia and internationally to reduce their cyber-security risks.