
You’ve been hacked! But the question is — when?

(Image credit: Welcomia / Shutterstock)

We’ve all read about it: companies of all shapes and sizes are getting hacked and publicly exposed. With enough effort, hackers can overcome security layers and intrude into a company’s sensitive data, and this is an undesirable trend. Companies should acknowledge the risk and define ROI-driven mitigation programs.

It is highly likely that all companies are scanned by hackers looking for a vulnerability they can exploit. And the question that you should be asking yourself is, “How will I know if we have been breached? And how long after the breach will I know?” Just because you might be seeing strange activity on an endpoint device now does not necessarily mean that you were struck there and then. A malicious file could have been implanted months or even years ago and is only now manifesting as a fully fledged botnet across your corporate network. Cybercriminals typically wait for the most opportune moment to strike so they can cause as much damage, and reap as much profit, as possible.

Focus attention in the right place

The trick to keeping a hacker’s malicious software hidden? Get it loaded on a target device and embed it where it is harder for IT to detect: at the employee endpoint. One of the biggest cyber vulnerabilities for a company does not come entirely from external factors but from the “inside threat” within the organization. That is not to say that the threat is always a malicious one, but when it comes to cybersecurity, compromised employee devices can be just as damaging as those willing to do harm. An inadvertent download or program install may seem innocent enough, but that is not always the case. Take for example the recent story of the U.S. Navy being hacked through a worker’s laptop. It shows how a single employee device can cause a catastrophe.

To stop oversights such as these, it is important to keep employees aware of how their actions, even if perfectly well-intentioned, can affect the wider business from a cybersecurity standpoint. In 2016 and beyond, a company cannot rely on security tools alone; Carbon Matters!

Expand the awareness 

It remains vital for IT to keep abreast of the multitude of different cybersecurity methods available, but it is arguably more important to ensure that each employee understands the significance of practicing good data hygiene. After all, knowing what to look out for in regard to malicious files or phishing attempts is winning half of the battle. How this is communicated to staff will vary from company to company, but it is a good rule of thumb that organizations put as much investment into a comprehensive training and awareness program for employees as they do into security programs and tools. 

Disturbingly, the Global State of Information Security Survey 2016 conducted by PwC found that 47% of organizations do not have employee security awareness and training programs. And of those companies that did raise awareness, many have not done it effectively. It is critical to get employee buy-in when talking about cybersecurity. Ultimately, the last thing you want is a security failure that impacts your colleagues, your company, and, most importantly, your customers, who might take their business elsewhere and make sure that others are acutely aware of your damaged reputation.

Recovery in real-time

Even if we all agree that there must be a comprehensive training program for endpoint security, something can, and will, slip through the net. What will you do if you are hit by ransomware, the number one tool used by hackers to monetize endpoint vulnerabilities? Paying the ransom is not an option unless you want to encourage hackers to target your company more often because you’re willing to pay. You need to recover as quickly as possible, and be up and running in minutes or hours, not in months. Every minute can cost a company money, reputation, and client trust.

Traditional backup simply is not fast enough, and is often not tested thoroughly enough at the end-user level for data loss or disaster recovery scenarios. Companies today need instantaneous access to their data should an attack hit the corporate network. The best endpoint recovery technologies on the market today can provide access to a backup in as little as ten minutes, and that backup is often stored in an encrypted cloud environment. Even if the warning signs are there and an attack is still unfolding, employee endpoints can be ‘cordoned off,’ allowing productivity to continue while the Incident Response Team continues to fight the fire.

The three most important things for a Fortune X company? Make sure your backup strategy is capable of real-time recovery, invest in info-security infrastructure, and provide meaningful and actionable training to your employees. Only then do you stand the best possible chance of keeping your organization on its feet, and continuing business-as-usual, whatever the eventuality.   

Rick Orloff, Vice President, Chief Security Officer and Chief Privacy Officer at Code42


Rick Orloff
As the VP and Chief Security Officer (CSO) at Code42, a world-class realtime data recovery solution used by Fortune 500 companies, Rick is responsible for all elements of security including infrastructure, product design, security services, customer data, and customer satisfaction.