With over 37,000 ransomware attacks taking place every hour, it’s never been more important for organisations to arm themselves with the most up-to-date information, defences and solutions.
By taking a number of practical steps, companies can build the kind of effective security stacks that don’t just keep out threats – but actively improve data security.
Here’s what’s worth consideration…
The role of the individual
Employees who are informed of the threat ransomware poses to both their and the business’ privacy can play an important role in avoiding data breaches. A recent report shows that a third of breaches involve phishing attacks, and more than three-quarters of cyber-espionage incidents are enabled by phishing – where attackers deceive people into revealing sensitive information or installing malware such as ransomware.
A cyber-savvy employee may be able to identify typical dangers and act with security in mind, avoiding putting themselves in susceptible positions that might expose the organisation to cyberattacks.
Education is not always a quick fix and a single e-learning course as part of an employee’s induction will not be sufficient to mitigate the majority of hazards. Education must become a frequent event that needs to be enforced from the top down.
It is critical to educate staff about social engineering attacks – where people are manipulated into giving away private information. Emails and phone calls should be handled with extreme caution. Teach employees not to open emails from unfamiliar senders and to distinguish between safe and unsafe links.
All organisations should make regular data backups a habit. The best IT professionals follow a simple principle known as the 3-2-1 backup rule: they will essentially keep three copies of their data on two types of media (local and external hard drives) and one copy off-site (cloud storage).
Implement a multi-layered approach
When evaluating your stack, there are a variety of factors that should be considered before signing agreements with vendors.
An organisation can suffer attacks from an end-user’s endpoint – a remote computing device that communicates with a connected network – or server workload. Since there will never be a catch-all tool in the cyber community, it is crucial to implement a multi-layered approach to address different angles of attack and decrease the surface area of these attacks.
A firewall should be the first line of defence in an organisation’s cybersecurity strategy. Other tools that mitigate risk include Zero Trust controls (restricting users, machines, and network access whilst not trusting anyone or anything by default); vulnerability assessments; and cloud security.
Endpoint protection has become an increasingly popular line of defence for sophisticated attacks. Many organisations and government and industry regulations have identified the Zero Trust tools as a more proactive approach to cybersecurity and a way to deal with threats before hackers gain access to the system.
With so many tools available to businesses, it is easy to get overwhelmed when reviewing your cybersecurity strategy. To simplify this process, start with controls:
Application Whitelisting: Control which application is allowed to operate on each endpoint.
Application Containment: Control interactions with allowed applications by limiting interaction with other applications, network resources, registry keys, and files.
Multi-factor Authentication: Take additional steps in preventing damage caused by credential theft.
Firewall: Monitor incoming and outgoing traffic to and from your network.
Privileged Access Management: Control user privileges; add or remove local admin capabilities to or from those who do or do not need them.
Storage Control: Control who or what can access your data stores.
Network Access: Control how endpoints within your network can communicate.
As attacks become more sophisticated, it is important to have a third line of defence and remediation. This can be done with threat detection/operations software:
Anti-Spam/Phishing: Software that blocks potentially dangerous emails from your inbox.
EDR: Endpoint Detection and Response that detects changes in patterns within your infrastructure and alerts your admin team.
MDR: Managed Detection and Response that uses outsourced cybersecurity services, usually with a Managed Service Provider (MSP).
XDR: Extended Detection and Response that detects threats and integrates multiple security products into a cohesive system.
Antivirus: Designed to detect and stop malware.
Threat Hunting: Actively searching for malicious software within your environment that may not have triggered any alerts.
IDS/IPS: Intrusion Detection/Prevention System that monitors network traffic for possible intrusions and stops the detected incidents.
SIEM: Security Information and Event Management that aggregates event data used across application, network, endpoint and cloud environments.
Other tools – which are not needed in every organisational structure but can prove extremely helpful – include content filtering, browser security, Remote Management and Monitoring (RMM) software and backup disaster and recovery.
Research different vendors
It is important to assess your threat landscape to identify and implement the right cybersecurity tools for your organisation. Do some online research and comply with industry standards using tools backed by government bodies.
Taking advantage of these resources can help you assess your cyber readiness and identify gaps in your stack. Furthermore, review sites such as G2 and Capterra can provide you with insight in your industry.
For businesses with a larger spending capacity, a Gartner or Forrester subscription will be a great way to receive additional research and consult analysts on elements of your stack. Connecting with industry experts or joining peer groups can also assist with making better informed decisions for your businesses’ needs.
Online safety: A continuous journey
A multi-layered approach is the best way to mitigate risk and decrease your threat exposure. Components of the cybersecurity stack can change as technology advances and so does the attack landscape, so be sure to review your stack multiple times a year to ensure you are staying up to date with the latest technology.
Ransomware is a continuing, fast-expanding global issue and data privacy is frequently jeopardised, so it has become crucial in today’s cyber landscape to stay one step ahead.
Employing a multi-layered cybersecurity stack and combining it with regular cybersecurity awareness training will decrease your risk and help keep your business safe from cyber attacks.