Don't square off against a cyber threat without a game plan


Whether you’re talking about football, cricket or rugby, the draw of team sports is unmistakable. Around the world, fans tune in by the millions to root for their favourite teams, watch stunning feats of athleticism and experience the thrill of victory – or the agony of defeat. In each of these sports, a match is a series of challenges and obstacles. Both offence and defence require a solid plan and the ability to adapt quickly when that plan fails. Beating the other team requires quick thinking, agility, stamina, strength and (quite often) sheer luck.

In today's relentless cybersecurity landscape, IT departments face a challenge that’s not unlike going up against a championship football team. The opponent is crafty, experienced and hungry for victory. However, this is no game and the consequences of defeat are very real. Fortunately, IT departments can prepare for these challenges in much the same way that sports teams prepare for a game: by developing detailed plans based on understanding the opponent – and being ready to adapt when those plans fail.

Outlined below are some of the most common hurdles that cybersecurity teams face, alongside tips for overcoming them. Once you have developed a game plan for each, practise it: run each scenario several times, as a tabletop exercise or a live drill, taking notes about what worked well and what did not, and adjust the plan accordingly. Armed with this preparation, you will be much nimbler when unexpected attacks present themselves.

Ransomware

Ransomware is a constantly evolving form of malware that threatens every company. One of the largest ransomware outbreaks in recent years was NotPetya. It targeted Windows systems and spread rapidly across corporate networks, causing global panic amongst businesses. It worked by overwriting the master boot record with a payload that encrypted the hard drive's file system table (the NTFS master file table) and prevented Windows from booting, then displayed a demand for payment in Bitcoin to regain access. In practice, paying was pointless: the email address victims were told to contact was shut down almost immediately, and the malware's installation key did not allow the data to be recovered, which is why NotPetya is widely regarded as a wiper dressed up as ransomware.

In the event of a ransomware attack, companies should not pay the ransom: there is no guarantee that they will get their data back, and payment funds the next campaign. Instead, they should plan ahead with a recovery solution that lets end users quickly restore their own data. Done properly, this greatly reduces the chance of data loss during a breach and goes a long way towards protecting the company financially. Two caveats matter here. First, backups must be versioned and held where the malware cannot reach them: a backup that is merely a mirrored drive or a synced folder will faithfully replicate the encrypted files over the clean ones. Second, restores must be rehearsed before they are needed, because a backup that has never been restored is a hope, not a plan. With those in place, no matter what clever tweaks the cybercriminals develop, users can revert their devices to a point before infection.
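The two caveats above (write-once history and a rollback point) are easier to reason about in code. The following is an added example, not Code42's product code: a toy content-addressed backup store where blobs are never overwritten, an entropy heuristic that tells a clean snapshot from one taken after encryption, and a restore to the newest snapshot before a suspected infection time. The sample files, timestamps and the 7.0 bits-per-byte threshold are constructed assumptions.

```python
"""Versioned, write-once backup store with rollback to a pre-infection snapshot.

Added example, not Code42 product code. Every backup run records a new
snapshot; blobs are content-addressed and never overwritten, so a later
run that captures files already encrypted by ransomware cannot destroy
the last clean copy. The entropy check is a heuristic for "this snapshot
looks like it was taken after encryption".
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass
class Snapshot:
    taken_at: int                                        # unix time of the run
    files: Dict[str, str] = field(default_factory=dict)  # path -> sha256 hex


class BackupStore:
    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}    # content-addressed, write-once
        self.snapshots: List[Snapshot] = []  # append-only, oldest first

    def backup(self, taken_at: int, tree: Dict[str, bytes]) -> Snapshot:
        """Record one backup run of a user's files (path -> contents)."""
        snap = Snapshot(taken_at)
        for path, data in tree.items():
            digest = hashlib.sha256(data).hexdigest()
            # setdefault never replaces an existing blob: even a client that
            # holds valid backup credentials cannot overwrite clean history.
            self.blobs.setdefault(digest, data)
            snap.files[path] = digest
        self.snapshots.append(snap)
        return snap

    def suspicious_change_ratio(self, snap: Snapshot, threshold: float = 7.0) -> float:
        """Share of files that changed since the previous snapshot and now
        look like ciphertext. Normal edits keep this near 0; a ransomware
        run pushes it towards 1, which should block automatic pruning."""
        idx = self.snapshots.index(snap)
        if idx == 0 or not snap.files:
            return 0.0
        prev = self.snapshots[idx - 1].files
        hits = sum(
            1 for path, digest in snap.files.items()
            if prev.get(path) != digest
            and shannon_entropy(self.blobs[digest]) > threshold
        )
        return hits / len(snap.files)

    def restore_before(self, cutoff: int) -> Optional[Dict[str, bytes]]:
        """Materialise the newest snapshot taken strictly before `cutoff`,
        i.e. the last one from before the suspected infection time."""
        older = [s for s in self.snapshots if s.taken_at < cutoff]
        if not older:
            return None
        best = max(older, key=lambda s: s.taken_at)
        return {path: self.blobs[digest] for path, digest in best.files.items()}


def fake_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))


# Constructed sample: two clean runs, then a run after "encryption".
CLEAN_TREE = {
    "docs/report.txt": b"quarterly report, draft three\n" * 200,
    "docs/notes.txt": b"meeting notes for monday\n" * 200,
}
ENCRYPTED_TREE = {path: fake_ciphertext(path.encode()) for path in CLEAN_TREE}


def demo() -> dict:
    store = BackupStore()
    store.backup(1_000, CLEAN_TREE)
    s2 = store.backup(2_000, CLEAN_TREE)
    s3 = store.backup(3_000, ENCRYPTED_TREE)   # the run that caught the infection
    return {
        "ratio_clean": store.suspicious_change_ratio(s2),
        "ratio_encrypted": store.suspicious_change_ratio(s3),
        "restored": store.restore_before(3_000),
        "blob_count": len(store.blobs),
    }


if __name__ == "__main__":
    result = demo()
    print(f"change ratio, clean run:     {result['ratio_clean']:.2f}")
    print(f"change ratio, encrypted run: {result['ratio_encrypted']:.2f}")
    print("restored matches clean tree:", result["restored"] == CLEAN_TREE)
```

The point of `setdefault` is the whole design: a backup agent that can only add blobs cannot be turned against the history it protects, which is what distinguishes a real backup from a synced folder. The entropy ratio is a coarse signal (compressed archives also score high), so in practice it gates retention rather than triggering a restore on its own.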

Phishing / Whaling

While some enemies attack through brute force, others opt for deception. Phishing manipulates employees into clicking malicious links or opening attachments, either to harvest credentials or to deliver malware that then spreads and ultimately cripples a business. The emails often claim urgency and demand immediate action, putting pressure on recipients to act rashly rather than stop and identify the scam.

A specific type of phishing focuses on prime targets, such as C-suite executives of big companies, or impersonates them to their staff. This practice is more commonly known as “whaling.” Those in high-ranking positions are more lucrative victims, and more convincing to impersonate, because of their authority within the organization. An infamous example was Snapchat in 2016, where a payroll employee was fooled by an email spoofed to look like it came from the CEO into sending out payroll information on current and former employees.

Many phishing attempts are poorly constructed and relatively transparent, but it only takes a momentary lapse in concentration for one to succeed. Employees should therefore be trained to distinguish legitimate emails from phishing bait and to report suspicious messages to the IT department rather than simply deleting them, since one reported email can reveal a campaign aimed at dozens of colleagues. Like running a practice drill, sending simulated phishing emails trains employees to spot suspicious messages and instils a sense of responsibility for their own email behaviour.
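The signals a trained employee looks for in a whaling email (an executive's name on an outside address, a lookalike domain, a Reply-To that leads elsewhere, pressure language) are also the ones a mail gateway can check before the message lands. The following is an added example, not Code42's code: a small triage function over a raw RFC 822 message using only the Python standard library. The corporate domain examplecorp.com, the executive names, the keyword list and both sample messages are constructed assumptions.

```python
"""Whaling triage: flag an inbound email that impersonates an executive.

Added example (not Code42's). Assumptions: the corporate domain is
examplecorp.com, EXECUTIVES lists the display names attackers are likely
to spoof, and both sample messages below are constructed.
"""
import email
from email import policy
from email.utils import parseaddr
from typing import List

CORPORATE_DOMAIN = "examplecorp.com"            # assumed
EXECUTIVES = {"evan example", "jane example"}   # assumed display names
RED_FLAG_WORDS = ("urgent", "immediately", "today", "asap", "wire transfer", "payroll")


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def normalise_domain(domain: str) -> str:
    """Fold common lookalike substitutions so examp1ecorp.com and
    exarnplecorp.com compare equal to examplecorp.com."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("01357", "olest"))


def analyse(raw: bytes) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(addr)
    display = " ".join(name.lower().split())

    # 1. An executive's name on a non-corporate address is the classic whaling setup.
    if display in EXECUTIVES and from_domain != CORPORATE_DOMAIN:
        findings.append(f"display name '{name}' claims an executive but sender domain is {from_domain}")

    # 2. Registered lookalike of our own domain (digit/letter and rn/m swaps).
    if from_domain != CORPORATE_DOMAIN and normalise_domain(from_domain) == normalise_domain(CORPORATE_DOMAIN):
        findings.append(f"lookalike domain {from_domain}")

    # 3. Replies routed to a different domain than the one the mail claims to come from.
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To {reply_to} points away from the sender domain")

    # 4. Pressure and payout language in the body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = [w for w in RED_FLAG_WORDS if w in text]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


# Constructed samples: a whaling attempt and a genuine internal mail.
WHALING_SAMPLE = b"""\
From: Evan Example <ceo.office@examp1ecorp.com>
Reply-To: finance-desk@mail-relay-example.net
To: payroll@examplecorp.com
Subject: Payroll report needed today
Content-Type: text/plain; charset=us-ascii

Hi, I need the payroll and tax details for all current and former
employees as a single spreadsheet. This is urgent, please send it today.
"""

LEGIT_SAMPLE = b"""\
From: Evan Example <evan@examplecorp.com>
To: payroll@examplecorp.com
Subject: Board deck
Content-Type: text/plain; charset=us-ascii

Attached is the deck for Thursday. No action needed before then.
"""

if __name__ == "__main__":
    for label, sample in (("whaling", WHALING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, "->", analyse(sample) or "no findings")
```

None of these checks replaces SPF, DKIM and DMARC enforcement at the gateway; they catch the case DMARC cannot, where the attacker owns a lookalike domain and authenticates perfectly. Treat the output as a reason to hold the message for review, not as proof of fraud.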

Insider Threat

The hardest threats to detect are often those that come from inside. Insider threats can originate with anyone within the company, whether through malice or simple human error. Either way, the damage could be irreparable for a business. For many Chief Information Security Officers (CISOs), this means dedicating energy to internal vigilance as well as to keeping the bad guys out.

To protect a business from an insider threat, IT departments need full visibility of the sensitive corporate information that exists within the company: what it is, where it resides and how it moves. Once IT has a comprehensive view of the flow of data across the business, it can establish what normal movement looks like for each user and detect the exchanges that depart from it, such as a large copy to removable media or a personal cloud account at an unusual hour. Finally, the right data protection and visibility tools strengthen the defence in both directions, alerting IT teams to a breach and showing them how to rectify it quickly.
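"Detect suspicious movements" becomes concrete once you have the event stream. The following is an added example, not Code42's detection logic, run over a constructed export of file-movement events in the form `timestamp,user,action,destination,bytes`. It applies the three starting rules most teams write first: an unsanctioned destination, a daily volume far above the user's own median, and activity outside working hours. The destination allowlist, working hours and thresholds are assumptions to be tuned per organisation.

```python
"""Baseline-and-deviation detection over constructed data-movement events.

Added example, not Code42 product code. EVENTS is a constructed export in
the shape  timestamp,user,action,destination,bytes . The rules are the
three a practitioner usually starts with: an unsanctioned destination, a
volume far above the user's own baseline, and activity outside working
hours. Thresholds are assumptions to tune per organisation.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median
from typing import Dict, List, NamedTuple

ALLOWED_DESTINATIONS = {"corp-sharepoint", "corp-backup"}  # assumed
WORK_HOURS = range(7, 20)        # 07:00-19:59 counts as normal (assumed)
SPIKE_FACTOR = 5.0               # x the user's median daily volume
MIN_SPIKE_BYTES = 50_000_000     # ignore "spikes" on tiny baselines


class Event(NamedTuple):
    ts: datetime
    user: str
    action: str
    dest: str
    size: int


class Alert(NamedTuple):
    user: str
    rule: str
    detail: str


def parse(line: str) -> Event:
    ts, user, action, dest, size = line.strip().split(",")
    return Event(datetime.fromisoformat(ts), user, action, dest, int(size))


def daily_totals(events: List[Event]) -> Dict[str, Dict[str, int]]:
    """user -> ISO date -> bytes moved that day."""
    totals: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for e in events:
        totals[e.user][e.ts.date().isoformat()] += e.size
    return totals


def detect(events: List[Event]) -> List[Alert]:
    alerts: List[Alert] = []
    # Per-event rules: where the data went and when.
    for e in events:
        if e.dest not in ALLOWED_DESTINATIONS:
            alerts.append(Alert(e.user, "unsanctioned_destination",
                                f"{e.size} bytes {e.action} to {e.dest} at {e.ts.isoformat()}"))
        if e.ts.hour not in WORK_HOURS:
            alerts.append(Alert(e.user, "off_hours",
                                f"{e.action} to {e.dest} at {e.ts.isoformat()}"))
    # Per-user rule: compare each day with the user's own other days, not a
    # global threshold, so a heavy-but-normal user does not drown the alerts.
    for user, days in daily_totals(events).items():
        for day, total in days.items():
            others = [v for d, v in days.items() if d != day]
            baseline = median(others) if others else 0
            if total >= MIN_SPIKE_BYTES and total > SPIKE_FACTOR * baseline:
                alerts.append(Alert(user, "volume_spike",
                                    f"{total} bytes on {day} vs median {baseline:.0f} on other days"))
    return alerts


# Constructed sample: alice's routine uploads, then a late-night bulk copy to USB.
EVENTS = """\
2018-06-04T09:12:00,alice,upload,corp-sharepoint,1500000
2018-06-05T10:03:00,alice,upload,corp-sharepoint,2100000
2018-06-06T11:40:00,alice,upload,corp-sharepoint,1800000
2018-06-07T09:55:00,alice,upload,corp-sharepoint,1200000
2018-06-08T22:47:00,alice,copy,usb-removable,420000000
2018-06-04T14:20:00,bob,upload,corp-sharepoint,900000
2018-06-05T15:02:00,bob,upload,corp-sharepoint,1100000
2018-06-08T16:30:00,bob,upload,corp-sharepoint,950000
""".splitlines()


def run() -> List[Alert]:
    return detect([parse(line) for line in EVENTS])


if __name__ == "__main__":
    for a in run():
        print(f"[{a.rule}] {a.user}: {a.detail}")
```

Three alerts on one user in one evening is the shape of a real case; one of them alone is usually noise. The useful next step is correlation across rules per user per day, which is why the alerts carry the user and rule as structured fields rather than free text.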

GDPR

The biggest change in data protection legislation in two decades took effect on May 25, 2018. The General Data Protection Regulation (GDPR) raises the stakes for how businesses process and handle personal data relating to people in the EU. This is not just a challenge for businesses located in Europe: the GDPR applies to any organization, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour. Should an organization fail to safeguard personal data adequately, it can face a fine of up to €20 million or four percent of its global annual turnover, whichever is greater. Failing to notify the supervisory authority of a breach within 72 hours of becoming aware of it (where the breach is likely to result in a risk to individuals) is penalised under the regulation's lower tier, up to €10 million or two percent of global annual turnover, which is still a fine no board wants to explain.

So, how can companies demonstrate compliance? Companies must implement security measures appropriate to the level of risk to the personal data they hold; the regulation's own phrase, in Article 32, is “appropriate technical and organisational measures.” IT departments must be given the time and resources to ensure that data can be stored, transferred and transmitted without undue risk. This ranges from protecting the enterprise perimeter and endpoints with antivirus and anti-malware tooling, to detecting breaches swiftly and keeping visibility of every endpoint. Why is the endpoint so important? Code42's CTRL-Z study found that more than 60 percent of corporate data is stored on user endpoints, so it is vital not to leave them undefended. There is no “one size fits all” solution for adhering to the GDPR, but regular auditing of security solutions and InfoSec strategy is a must, and the records it produces are what you will be asked for when demonstrating compliance. After all, GDPR compliance is not a box that can be checked off and forgotten; it is a state that must be continually maintained, like an athlete staying in shape throughout the season.

The cybersecurity landscape continues to evolve in complexity and difficulty, with new obstacles cropping up nearly every day. Security professionals do not have to accept the inevitability of having their organizational security compromised or attacked, but they should plan for the worst case scenario and be ready for anything.

Richard Agnew, VP EMEA North at Code42 

Image Credit: Bee Bright / Shutterstock