The shortage of IT security personnel, or inadequate cybersecurity measures within organizations large and small is obvious, and in recent years, debated ad nauseam, with little knowledge gained.
So, what should you do to avoid becoming the next casualty of these incessant cyberattacks, or how should you respond to the ensuing fallout that’s bound to follow such attacks?
First, let’s address some simple yet effective security measures before moving on to actual solutions:
Security is a team sport and requires every member of the team’s direct involvement.
Despite the information available on cyberattacks, people still fall victim to attacks from hackers daily. Thus, educating your employees is crucial to the success of your security program–One click on the wrong link is all it takes to wreak havoc on your network and data, so get everyone involved in your ongoing cybersecurity campaign.
Security through obscurity doesn’t work.
Bob’s (my father-in-law) refusal to use his credit card for online purchases-while commendable-will not prevent the number from eventually ending up on the dark web. So, make sure your cybersecurity training is based on best practices and not innuendos.
Classify enterprise data by importance and sensitivity.
Intellectual property, financial records and customer information are a few examples of sensitive data for most organizations. Make sure network segments containing such data use security architecture, such as Micro-segmentation, Zero Trust, User and Entity Behavior Analytics (UEBA), that are designed to protect sensitive information.
Failure to do so will result in data loss, such as the theft of $40M worth of Bitcoin stolen by hackers from crypto exchange, Binance <announced on its website> during a large scale security breach in May 2019.
Improve and future-proof your cybersecurity posture by investing wisely.
Don’t invest in “one-trick pony” security solutions. Instead, partner with Managed Security Service Provider (MSSP) with robust security solutions capable of interfacing and integrating with your existing investments in people, process, and technology.
Build processes that reduce security breaches caused by human error.
Implement FIDO Universal 2nd Factor Authentication (U2FA) solution such as YubiKey, or Titan security key to provide the added layer of security that isn’t achievable using a username and password combo alone.
Once the items listed above are in place, then be ready to address the biggest X-Factor, the end users. It is therefore important to develop a continuing training program to make sure that your employees can identify malicious email and links to questionable websites. Technology alone isn’t the answer.
One important point worth reiterating here is that no amount of security tools (firewall, U2FA, etc.) deployed across your network will prevent your employees from being caught in the web of deceit perpetrated via phishing, malware and Trojan virus. Sophisticated attack vectors will bypass the most observant among us.
The era of attack vectors such as Stuxnet designed to incapacitate an aggressor (or enemy) state’s nuclear program is a thing of the past. Today’s Trojan virus or ransomware can take over a company’s most prized possession, its data, for extortion and intellectual property theft.
So, what is a business to do?
- Make employees and executives training a central pillar of your company’s security culture.
- Develop an incident response process to address cybersecurity breach and the ensuing fallout. It’s only a matter of how, not if you get hacked.
- Work with trusted IT security vendors and MSSPs. Leaders in Gartner’s 2019 Magic Quadrant include Trustwave, IBM,Verizon, etc.
- Leverage cloud security technologies to protect your valuable data while staying a few steps ahead of attackers.This includes use of machine learning, User and Entity Behavior Analytics (UEBA), etc., to identify unusual traffic patterns by both people and machines on your network.
- Develop a disaster recovery plan and test it often to make sure you can recover your data from backup in the event of catastrophic loss or ransomware attack.
Finally, stay vigilant and remember, the race against bad actors looking to usurp your data is a marathon not a sprint.
For more information on Dual Prism services, visit us at https://dualprism.com.
firstname.lastname@example.org | 773-413-9080