Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” These sage words unfortunately describe the dilemma many companies are facing on a daily basis with increasing frequency. Whether because of a lack of resources to commit to cybersecurity or the C-suite’s reluctance to do things differently, companies are suffering from a rash of bad actors seeking to profit from cyberattacks and the loss of data because of negligent handling by insiders.
While cyber risks are not entirely preventable at this point in time, learning from past events is crucial to preparing adequate defenses for the future. For each of the cyber risks discussed below, five current and effective tips on how to prepare for cyberattacks and data breaches are presented. Many of the tips overlap for each cyber risk, but as you can see, a common theme starts to emerge: cybersecurity starts at home.
Data breaches happen for myriad reasons. They can be caused by an employee or contractor that has access to sensitive information, like Capital One. They can arise from the negligence of a third party working on equipment that is interlinked with a company’s operational computer system, as in Target. Data breaches can also arise because of the theft of information that is accessible to bad actors, as Equifax experienced. The list goes on, but what we have learned from these events is helping guide the future of cybersecurity.
Some current tips for protecting against data breaches include:
- Physically and electronically securing your servers and conducting ongoing risk assessments.
- Requiring background checks on contractors that are given access to computer systems.
- Investing in Endpoint Detection and Response, logs, Security Information and Event Management and Network Detection and Response.
- Requiring your vendors to maintain robust cybersecurity and certify their efforts at compliance.
- Having an incident response plan in place now because when a problem arises the time to prepare has passed.
Insurer Beazley has reported that data shows ransomware attacks increased 37 percent in the third quarter of 2019. Approximately 25 percent of those incidents were caused by attacks on an IT vendor or managed service provider. While some speculate that the increase in attacks is related to the rise in the price of Bitcoin, others conclude that businesses are simply easy targets because of a failure to acknowledge cyber risks and prepare appropriately.
Tips for preventing a ransomware incident include suggestions 1 and 3-5 above, plus the implementation of a strong educational program for employees who are the chief facilitators of ransomware attacks.
People are the weakest link in the cybersecurity chain, and oftentimes a company’s cybersecurity culture will not be popular with employees because it limits their access to information that is both business and personal in nature. However, until better defensive mechanisms are available, slowing down those that innocently aid these types of attacks is a proven course of action.
Social engineering has been described as getting someone to do something that they would not have otherwise done. For example, an accounts payable clerk changing the wire information for a vendor from a domestic bank to a foreign bank based on a single email that purports to come from the vendor. Every day a company is shocked to discover that changes in wire instructions came from an imposter that has now disappeared with the transferred funds and a vendor that is still looking for payment.
Convenience and speed have created new risks to companies that are causing staggering losses that are compounded by hours of valuable time that needs to be devoted to recovery efforts. Similar to ransomware, people unwittingly facilitate these bad actors. As a result, items 3-5 above apply equally to social engineering incidents.
Rounding out the other two tips are:
- The need to slow transactions down to independently verify information that relate to funds transfers.
- The development and maintenance of internal controls requiring sign-off by at least two people before funds transfer instructions are modified.
If the accounts payable clerk in the example above had picked up the phone and called the vendor, they would have been informed that the request to change wire instructions was fraudulent. If the company had a policy in place requiring that another individual sign off on the change, perhaps that person would have questioned the request, or scrutinized the email address from where the request originated, or noticed that the purported vendor was using a strange writing style in their correspondence. These steps slow down the process, but they are just as necessary as locking the front door, which also takes time that no one would ever question.
By preparing, you lay the groundwork to succeed in the fight against cyberattacks and data breaches. If the tips suggested in this article had been implemented in past incidents, few would argue that they would not have either prevented the incident or greatly diminished the negative effects. The best tip for preventing these types of unfortunate events from occurring is to get buy-in from the entire organization in addition to your support vendors because cybersecurity does start at home.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.