Bad actors have too many methods to take advantage of vulnerable organizations, and they’re getting more sophisticated with time. That’s why it’s imperative that your organization is aware of potential cyber threats and has the right measures in place to avoid falling victim to an attack.
Bill Walter from our Technology Solutions Group and Alex Rutkovitz Spigel from Choice Cyber Solutions presented a webinar featuring the biggest security concerns for 2022, the timeline and cost of a cyberattack, and tips for how you can defend against hackers and train your employees to identify their tactics.
Let’s dive into key takeaways from the webinar so you can make sure your organization is up to speed on the latest threats and how to protect against their disastrous results.
Today’s Top Cyber Threats
In today’s online environment, here are the main methods hackers use to take advantage of unsuspecting organizations:
- Ransomware and malware
- Social engineering and phishing
- Crypto mining
- Office workflow changes and operating remotely
- Cloud software applications
In May 2021, there were mass gasoline shortages after the ransomware attack on the Colonial Pipeline’s networks. Colonial had to shut down its entire gasoline pipeline system for the first time in its history. Had a risk analysis and remediation taken place prior, there wouldn’t have been an opportunity for this sort of attack to happen.
Today’s hackers are using sophisticated tactics through texting, email, social media and phone calls (vishing or “voice phishing”) to gather information. You need to be diligent and aware of who you’re giving information to through these channels.
Email is the most used avenue into an organization. Attackers are becoming increasingly calculated in how they impersonate senders to get your information or credentials. Be sure to examine the sender thoroughly, and do not simply hand over information because an email requests it.
The Costs of a Cyberattack
An attack can have devastating consequences for an organization, some of which it can’t recover from. Below are the average costs of an attack:
- Ransomware: the average payment is $570,000
- Downtime: the average downtime is 21 days
- Dwell time: the average dwell time for an attack (the amount of time between an attacker’s penetration into a network and when the organization discovers their presence) is 73 days
- Cost: the average cost to an organization is $1.85 million
What You Can Do to Prevent an Attack
Patching and Upgrading Your Software and Devices
Patching is the most important thing you can do to keep your networks secure. Occasionally, a patch can cause an issue, but the risk of not patching is far worse than an infrequent inconvenience.
If you have a business-critical system that can’t be patched because it is no longer supported, you must put additional security layers in place to segregate that device from the rest of the network in case it becomes compromised.
Endpoint Protection
Endpoint protection, detection and response (EPDR) adds security that goes beyond traditional anti-malware measures. EPDR has active processes to detect threats that standard antivirus applications won’t pick up on, including monitoring tools that watch processes and services and, when configured, enforce a zero-trust application model.
Data Continuity
Just backing up your files isn’t enough. Local backups can be encrypted and ransomed just like servers, so you need a solution that offers an image level backup, backs up in a timely manner and has a copy both onsite and offsite. That onsite copy should be kept separate from the rest of your servers so it isn’t compromised in the event of an attack.
Policy of Least Privilege
You want to make sure that the security controlling who can access your sensitive files follows the policy of least privilege. According to the Cybersecurity and Infrastructure Security Agency (CISA), least privilege means that “every program and every user of the system should operate using the least set of privileges necessary to complete the job.” For example, the receptionist shouldn’t have the same level of access as the CFO. The role a person has dictates the rights they need within the applications and file shares in your organization, which helps prevent improper use.
Review Your Remote Access
With the rise in remote access over the past couple of years, it’s important that you review your systems and applications to ensure that 1) only people who need it and use it have access to it and 2) you have layers of protection in place. As some organizations that previously had remote access began opening it up to more employees, they didn’t lock down what certain users were able to gain access to inside their network. When using remote access, users should only be able to get into areas of the network that are approved and appropriate based on their role.
Multi-Factor Authentication (MFA)
MFA can stop some of the most invasive cyber security threats, especially in email and remote access. This provides an extra layer of protection to confirm your identity, so even if bad actors get ahold of your username and password, they still won’t be able to access your information.
Results from the webinar poll asking attendees about their use of MFA showed that 58% have it in place everywhere possible.
Security Awareness Training and Empowering Employees
Employees are the number one threat to an organization’s cyber security. You must ensure your team members are empowered and educated on the latest cyber security best practices, and know how to spot a threat to reduce the opportunity for an attacker to enter your network.
Prioritizing a culture of cyber security and compliance across your organization will help grow confidence among your employees and enable them to keep sensitive information secure.
Password Management
You can strengthen security among your employees with the use of a password manager to store passwords securely. Using a password manager saves you from the shortcuts employees may take to remember passwords, shortcuts that can open the opportunity for that information to become compromised.
Strong, complex passwords can be stored and shared safely when using a password manager that requires a password and MFA to access. You should also enforce policies within that password management system that comply with your organization’s rules. Having a password manager in place will increase your level of security, even though your eggs are all in one basket, because you are able to protect all your logins and shared logins with employees or clients.
Top Cyber Drivers
Many organizations are being pushed to prioritize their cyber security because of the following factors:
- Cyber insurance
- Client questionnaires
- Mandatory audits
- New regulations
- Privacy laws
54% of webinar attendees responded that applying for cyber insurance was their main driver for implementing cyber security measures.
What’s the Difference Between Security and Compliance?
Security is the state of being free from danger or a threat. Compliance is the act of obeying an order, rule or request. Your current cyber security measures may be compliant, but you still face risks without added security. You want to make sure you have the right layers of security in place to guarantee complete protection. Simply being compliant doesn’t mean you’re as secure as possible.
Next Steps to Enhance Your Security
Take action today to increase your organization’s cyber security with these next steps:
- Regularly test the backups of your organization’s devices so you know they will work properly if needed
- Separate your business and personal information where possible and never use the same passwords for business and personal resources
- Set up MFA for all applications, especially ones that house sensitive information
- Use secure password management software to store, share and protect your logins
- Schedule a risk assessment to identify vulnerabilities hidden in your network and what’s holding you back from meeting compliance requirements
Need Help?
Our Technology Solutions Group includes a team of cyber security experts. We’re happy to meet with you for a cyber security risk assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.