The shortage of IT security personnel, or inadequate cybersecurity measures within organizations large and small, is obvious and, in recent years, debated ad nauseam, with little knowledge gained.
So, what should you do to avoid becoming the next casualty of these incessant cyberattacks, and how should you respond to the fallout that follows such attacks?
First, let’s address some simple yet effective security measures before moving on to actual solutions:
Security is a team sport and requires the direct involvement of every member of the team.
Despite the information available on cyberattacks, people still fall victim to attacks from hackers daily. Thus, educating your employees is crucial to the success of your security program. One click on the wrong link is all it takes to wreak havoc on your network and data, so get everyone involved in your ongoing cybersecurity campaign.
Security through obscurity doesn’t work.
The refusal of Bob (my father-in-law) to use his credit card for online purchases, while commendable, will not prevent the number from eventually ending up on the dark web. So, make sure your cybersecurity training is based on best practices and not hearsay.
Classify enterprise data by importance and sensitivity.
For most organizations, intellectual property, financial records, and customer information are a few examples of sensitive data. Ensure network segments containing such data use security architectures designed to protect sensitive information, such as micro-segmentation, Zero Trust, and User and Entity Behavior Analytics (UEBA).
Failure to do so will result in data loss, such as the theft of $40M worth of Bitcoin by hackers from the crypto exchange Binance during a large-scale security breach in May 2019.
Improve and future-proof your cybersecurity posture by investing wisely.
Don’t invest in “one-trick pony” security solutions. Instead, partner with a Managed Security Service Provider (MSSP) whose robust security solutions can interface and integrate with your existing investments in people, processes, and technology.
Build processes that reduce security breaches caused by human error.
Implement a FIDO Universal 2nd Factor (U2F) authentication solution, such as a YubiKey or Titan security key, to provide the added layer of security that isn’t achievable using a username and password combo alone.
Once the items listed above are in place, be ready to address the biggest X-Factor, the end users. It is, therefore, essential to develop a continuing training program to ensure your employees can identify malicious emails and links to questionable websites. Technology alone isn’t the answer.
One important point worth reiterating here is that no number of security tools (firewall, U2F, etc.) deployed across your network will prevent your employees from being caught in the web of deceit perpetrated via phishing, malware, and Trojans. Sophisticated attack vectors will bypass the most observant among us.
The era of attack vectors such as Stuxnet, designed to incapacitate an aggressor (or enemy) state’s nuclear program, is a thing of the past. Today’s Trojans and ransomware can take over a company’s most prized possession, its data, for extortion and intellectual property theft.
So, what is a business to do?
- Make employee and executive training a central pillar of your company’s security culture.
- Develop an incident response process to address cybersecurity breaches and the ensuing fallout. It’s only a matter of how, not if, you get hacked.
- Work with trusted IT security vendors and MSSPs. Gartner’s 2019 Magic Quadrant leaders include Trustwave, IBM, Verizon, etc.
- Leverage cloud security technologies to protect your valuable data while staying a few steps ahead of attackers. This includes using machine learning, User and Entity Behavior Analytics (UEBA), etc., to identify unusual traffic patterns by both people and machines on your network.
- Develop a disaster recovery plan and test it often to ensure you can recover your data from backup in case of catastrophic loss or ransomware attack.
Finally, stay vigilant and remember the race against bad actors looking to usurp your data is a marathon, not a sprint.
For more information on Dual Prism services, visit us at dualprism.com.