Published on 11th April 2019
When it comes to cybersecurity in today’s world, the question businesses are asking is no longer “Will our IT system be attacked?” but rather “When will our IT system be attacked?” With the imminent threat of cyber attacks on individuals and companies of all sizes, it’s crucial to have a plan in place in the event of a breach. To help prepare yourself and your company, we’ve laid out a few examples of where threats lie and a few best practices for defence.
• It’s reported that 44 per cent of companies estimate that they could lose just over $10,000 within just one hour of downtime.
• According to Oracle’s Mark Hurd, 95 per cent of cyber attacks on databases can be prevented if administrative procedures are put in place to patch systems in a timely manner.
• Studies have shown that approximately 60 per cent of small businesses will close within six months following a cyber attack on their software.
• 75 per cent of security breach incidents are caused by insider threats.
Before you can decide how to best prepare and protect yourself, you need to first understand your current situation. That can be achieved by asking yourself a few key questions.
• What and where are the breach points within your company?
• What are your current cybersecurity policies?
• What is the company’s level of readiness for a cyber attack?
Answering those few questions at an average of once per quarter can help keep you alert and agile in order to best prepare for the ever-evolving forms of attack.
Recognize internal threats
Whether intentional or not, internal threats are real and worthy of attention. While many companies focus entirely on outside attacks, there’s a good chance your biggest threat is sitting in the office next to you. Insider threats can unfold by accident or through malicious efforts; either way, it’s important to take precautionary actions.
According to the 2018 Insider Threat Report, 51 per cent of companies are worried about accidental or unintentional data breaches through user carelessness, negligence or compromised credentials. In order to avoid these unfortunate occurrences, it’s important to review and adjust your employee policies as necessary. Limiting access to sensitive information on a need-to-know basis and logging any activity done on company devices as well as backing up information regularly are recommended practices. Finally, to alert employees to the potential threat they pose, providing educational resources on safe email and internet practices can help prevent individuals from unintentionally falling victim to a phishing or malware attack.
Preventing malicious insider threats requires many of the same actions as preventing unintentional ones. Sharing access to information on a need-to-know basis, adjusting that access as necessary and tracking those actions are crucial. Should an employee be moved off an assignment or a project end, reverting the originally granted access can prevent damage in the long run. Closely monitoring employee actions can also help prevent and detect possible threats. With the increasing volume of insider attacks, 94 per cent of companies monitor their technology users’ behaviour with tools such as User Behavior Analytics to help detect, classify and warn of anomalous behaviour.
Inform and educate
Former Intel CEO Andrew Grove once stated, “Only the paranoid survive.” This isn’t to say you should scare your employees into paranoia, but it’s critical to make them fully aware of potential risks. Education and training sessions on topics such as the main types of cyber attacks, red flags to look out for and post-attack plans can help everyone feel more prepared. Here are a few recommended practices for educating your team.
• Fully explain the potential impact that a cyber attack could have on your company and the consequences that could result from careless behaviour. Leaving a company laptop unattended in a public location, revealing personal information over an open WiFi network and other common habits are all potential risks.
• Hold everyone responsible for the company’s cybersecurity. Hackers don’t discriminate between IT personnel and others, so everyone needs to be conscious of their actions.
• Implement internet safety rules for company devices such as encouraging password regulations and caution when opening emails or attachments from unknown addresses.
• Train employees to recognize signs of a cyber attack and communicate a clear response plan.
Adapt with the times
As security measures improve, unfortunately so do hacking abilities. New strains of hacking methods crop up on nearly a daily basis, making it imperative for organizations to anticipate and prevent attacks before they’re even developed. By being proactive in creating and implementing cybersecurity plans, organizations can position themselves a step ahead of potential hackers.
Test your strength
The only way to know if you’re truly prepared for a cyber attack is to see how your defence plan stands up against an attack. Simulating a breach and playing out your post-attack plan can help determine any weak points and get employees acclimated to their position in the plan. Password strength tests are also a good idea for employees to utilize, especially if they regularly update their passwords.
As our society becomes increasingly reliant on technology, the threat of cyber attacks will continue to rise and spread. Proper preparation is the best defence and we hope these tips assist you in achieving just that.
Guest Contributor: Maddie Davis
Maddie Davis is co-founder of Enlightened Digital and web designer from the Big Apple. She lives by running marathons and reading anything and everything on the NYT Best Sellers list.