Cybersecurity has become a regular topic at board meetings
Cybersecurity in a corporate environment requires support from the highest level of the company. Last year, according to a study by the Ponemon Institute, the average cost of a data breach was just under $4 million. Damage on that scale does not happen in a moment. The problem is that attackers can be present and unnoticed in the corporate IT environment for two months or more. The time it takes to detect an attacker has fallen sharply in recent years, but according to the M-Trends report the median dwell time is still 56 days. The greatest progress in this respect has been in the EMEA region, most likely because of the GDPR, which forces companies to take better care of cybersecurity where personal data is concerned.
COVID-19 is an additional opportunity for cybercriminals
Quarantine has introduced a lot of chaos and a sharp increase in internet use, which is fertile ground for scams, and the consequences are unfortunately already visible. In March 2020, Google recorded a 350% increase in fraudulent websites that harvest usernames and passwords. The volume of phishing e-mail has also risen sharply: KnowBe4 recorded a 600% increase in COVID-19 themed e-mail attacks in Q1 2020. Let's not forget that more than 90% of all intrusions start with the delivery of malicious code or a credential-harvesting link via phishing. Phishing remains the number one attack vector.
To reduce the likelihood of a cyber intrusion that could damage your company's reputation and jeopardize your business, we have put together some general strategy recommendations:
1. Establish a company-wide cybersecurity culture
Make sure all managers promote security policies and fully support employees in adhering to them strictly. An education, awareness and training programme for all employees should help.
2. Hire a competent cybersecurity manager
The CISO should have sufficient resources and autonomy, and above all the trust of top management, to be able to establish and effectively run a comprehensive security risk management programme for the entire company.
3. Introduce a comprehensive cybersecurity assessment program that includes:
- Simulated phishing campaigns against your own employees
- Testing of e-mail security mechanisms (spam and malware filtering, sender authentication)
- Simulating real-world attacks on servers and workstations
- Automated vulnerability management
- Penetration testing of systems and applications
4. Encrypt all data-at-rest and communication channels
Data carriers such as USB sticks and hard drives hold large amounts of information and are easily lost or stolen, so they should be additionally protected with encryption. Communication channels should also be well protected, especially those that allow access to information from outside the organization.
5. Introduce privileged access management and two-factor authentication
Managing privileged user access is one of the most important weapons in the fight against attackers. A password is the ultimate key for an attacker, so it should be protected on multiple levels; a second authentication factor means a stolen password alone is not enough to get in.
6. Introduce the Zero Trust model
Introducing the concept of "zero trust" has nothing to do with distrusting your employees. It means that no user or device is trusted simply because it is inside the corporate network; every access is verified. Through additional restrictions at the network level, it reduces the likelihood that an attacker who has already gained a foothold can move laterally and reach sensitive information in the later stages of an attack.
7. Establish a concise security incident response plan
A well-prepared plan for responding to a cyber intrusion puts you one step ahead of attackers. Test and adjust the plan regularly.
8. Establish a system for continuous monitoring and response to security incidents
There is no 100% security; an intrusion will happen eventually. If you are ready for it, it can be stopped in time and without major consequences. Monitor your environment with specialized security detection tools, trained personnel and pre-arranged procedures.
9. Establish a system of regular management of security patches
Each new security patch is also a new hint and opportunity for attackers, who can analyse the fix to work out the vulnerability it closes; that only helps them if you have not installed the patch. Applying software fixes in more complex environments is not a piece of cake, but that should not be an excuse for accepting greater risk.
10. Ensure good resilience of all information and communication systems
Establish and regularly test a business continuity plan (BCP) and a disaster recovery (DR) plan, together with an offline backup system that an attacker who compromises the network cannot reach.