In the rush to remote working cybersecurity often fell by the wayside so that businesses could just keep the lights on.
You would think companies would be rushing to plug those gaps. But are they? We’re still seeing three types of business: those that have been attacked, those that don’t know they have been attacked, and those that are going to be attacked.
The risks are high with research showing the average cost of an IT security breach is $4.35 M. And 54% of breaches remain undiscovered for months. It’s not surprising really when you can now buy ransomware as a service as cheap as you can subscribe to Netflix.
So, how can you be sure someone hasn’t paid a subscription to attack you?
The simple answer is you can’t.
Which is why you need to take the belt and braces approach to cybersecurity. We all know people who lock the house but leave the windows open. That once you are burgled you install an alarm, use deadlocks everywhere, install floodlights and security cameras, or some just assume it won’t happen to them again – but often it does. A confused.com survey revealed that more than one in six (17%) of burglary victims had fallen prey to being burgled three times or more, and 65% of those in the same property. So, if you don’t protect your fortress properly, you’ll very likely to be targeted again. It’s the same with business cybersecurity.
Often businesses are attacked in a minor way, they do a bit of cybersecurity hygiene then continue as normal. But that was the attack before the real attack. What they haven’t taken into consideration is that most cyberattacks today don’t happen on the fly, they are well researched and planned. The average time attackers spend in the organisation is 240 days before they make their move. They build trust and rapport within the company before they attack.
So why are we comparing a Netflix subscription with hackers?
In effect, once a user identity has been compromised, the “hackers” don’t hack-in, they simply log-on just like you would with Netflix – often undetected until days, weeks or even months later. They quietly sit and collect data from your organisation and wait for the perfect time to hold you to ransom.
Many companies have invested heavily in security products and services, but alarmingly research shows that many don’t have these services deployed and configured correctly, and in many cases the most vulnerable or “privileged” users are the ones least protected.
Here are my top tips for ensuring your business is taking the right steps to prevent a ransom demand:
Simplify your cybersecurity tool set. Simply by making sure your tools are joined up and work together – from Identity and Access Management, Multi Factor Authentication (MFA), application threat control, firewalls, network access control to endpoint protection – you will be better protected. This is not about buying more tools, in most cases it’s about reducing the number and complexity of cybersecurity tools you use and focusing on the vital few that will give you the most effective control by ensuring they are deployed correctly.
Assume breach. Every business should be working from a standpoint of assuming they have already been breached or will be soon. You need to apply zero trust principals and ensure that every access made by every single person onto your network is explicitly verified.
Use Multi-Factor Authentication. MFA combines two or more independent credentials: something the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification or a known/trusted device. This single action – using MFA correctly – can eliminate more than 99% of phishing attacks of which there are 921 identity attacks every single second. Not using MFA is like locking your front door and leaving all the windows open!
Write and Activate Data Loss Prevention Policies. These protect against accidental or deliberate data leakage by defining how an organisation can share and protect its data. They provide a guide as to how data can be used in decision making without it being exposed to anyone who should not have access to it.
Use an Enterprise Identity Provider. An enterprise identity service – like Azure Active Directory or OKTA – provide single sign-on, multifactor authentication and conditional access to guard against 99.9 percent of cybersecurity attacks. They take away the hassle of verifying each access point every time.
Streamline protection across email, chat, files web apps and endpoints – all these ways of communicating leave you open to attack if you aren’t using the latest cybersecurity technology. Make sure all your tools work across communication platforms and there are no gaps that can be exploited.
Train your users. Regularly training your users on basic security hygiene will go a long way to keeping your business safe. The biggest single source of breaches come from your users clicking on a phishing email or text message. If you educate them about likely breaches and how attackers are thinking and likely to try and reel them in, then they can be your best form of defence.
Patch, patch, patch – and leverage automated patching were possible – across every switch, access point, router laptop and application. It sounds so simple, yet many organisations are still not patching in a timely fashion which is leaving them wide open to attack.
If your business isn’t undertaking all these steps it’s not long before you’ll realise that a subscription has been taken out against you and the hackers have been logging on and off at will. Make it a priority to address the gaps in your cybersecurity protection to lessen the chances of the next call you answer being one asking for a ransom.
About the Author
Rob Quickenden is CTO at Cisilion. Cisilion inspires intelligent change by delivering next-generation IT infrastructure that transforms the way businesses work. Formed in 2000 and with a reputation for excellence, Cisilion has a proven track record of successfully implementing IT solutions for our global client base in 70 countries across five continents.
Our award-winning projects are complemented by our long-standing and strategic relationships with some of the world’s leading technology partners including Cisco and Microsoft. Our mission is simple – to inspire intelligent change by delivering next-generation IT infrastructure that transforms the way that businesses work.
Featured image: ©Brian Jackson