Adjusting to current cyber security threats: business resilience
This segment is the second in a series looking at the changes in company focus after COVID. Small to mid-sized companies have significantly adjusted their business models to support remote employees with mobile capabilities. This shifts the need for improved cyber security protection and increased employee awareness of the threats to business resilience and customer data protections.
This brief report outlines how businesses need to adjust their focus on business resilience to protect from ransomware and other factors when systems and data become unavailable. Our previous installment focused on assessing business risk.
Our goal is for businesses with limited cyber security budgets and staffing to be armed with the knowledge and framework to take action and increase their security protection.
Business resilience: what are the risks?
Businesses continue to experience a rise in threats that can halt productivity. To keep this simple, according to the Verizon Data Breach Report for 2021, the top threats facing most businesses are associated with:
- Lost credentials
Each of these threats are not entirely exclusive, meaning that an attacker may use all three to infiltrate an organization. Albeit, according to the FBI, the best way to stop 90% of attacks is through multi-factor authentication, but we are getting ahead of ourselves. There is more on that later. There are a few items that can protect an organization very well from these attacks.
How can these attacks impact business resilience?
Of the top three attack vectors, phishing is number one, and is usually just a gateway to other methods of attack, like lost credentials and malware.
- Phishing attacks can include theft of your data, encryption of your data, ransom against your business for your data, or even defraud through wire fraud. All of these attacks can impact business resilience and even close a business down.
- Lost credentials can be catastrophic, especially if they are privileged administrative credentials. Stolen credentials can result in theft of data, complete destruction of systems, ransomware, and even theft of funds.
- Malware is generally destructive with the capability to exfiltrate information, passwords, communications, destroy data, or result in ransom.
Unfortunately, there is no silver bullet to address these threats. As all IT professionals will tell you, it’s not if you are attacked, it’s when; it’s imminent and you must be prepared.
Addressing the threats: protecting from theft of credentials
The final step in assessing your appetite for risk is to define standards that protect the company. This will define how much security the organization will need and establish standards for security. These are your policies and standards to limit risks that could destroy the business.
Implementing a solution: Google’s Two-Step Verification uses data to keep you secure
Let’s use Google’s Two-Step Verification as an example. When you log in to your Google account with your user ID and password, the Google authenticator application sends you an authorization request on your phone for you to verify it is in fact YOU that was just logging in.
Criticism of these technologies in the past has been that it’s hard to use and cumbersome to approve all of the time. That’s why Google has used other mechanisms to help reduce the 2SV requests through monitoring where you log in from geographically and what systems you log in from. When it registers the same system and location for the user, it does not require the 2SV.
We recommend any of these MFA solutions for high-risk users. For example, company executives, software developers, systems administrators, and finance professionals should always use MFA solutions. If you are a Google Workspace customer, all users have the ability to use MFA on their Google accounts. We recommend using the Google Authenticator on your mobile devices to make MFA simple, but there are other solutions like Titan or Yubikey hard tokens, or as a last resort using text messaging.
To learn more about MFA at your organization, contact us to discuss.
Addressing the threats: protecting from ransomware
Ransomware is a little more tricky to predict and prepare for, however, there are mechanisms that can protect you. First and foremost, use a good anti-malware solution. Google provides strong protection in their Google Workspace Gmail and Drive storage solutions. Each endpoint needs to be protected as well.
The second very important protection from ransomware is frequent backup. If your organization is impacted by ransomware, you will need to recover lost data. Google Drive with Vault can recover files from the last 30 days within specific parameters. However, each file must be recovered individually and the process can be lengthy. The only solid recovery option is an isolated backup solution that will back up your data to a secondary, secure storage location. Ensure that your business is backing up important files daily.
Addressing the threats: protecting from phishing attacks
Phishing attacks have become much more sophisticated lately; they aren’t the Nigerian Princes we’ve known in the past.
The best way to manage this risk is by training your employees about the nefarious ways an attacker will attempt to trick them. Phishing training will improve everyone’s capability to easily identify a phishing email and help the business remain alert. Phishing training and cyber-related security training are not extremely expensive and will pay dividends so your employees avoid bad situations online and in their email management. Google is very good at catching phishing emails, but does not provide your employees with ongoing awareness training when one slips through.
In our next installment, we will focus on protecting the business from threats.