How to Protect Against Cyberattacks and Build Cybersecurity Resilience

How to Protect Against Cyberattacks and Build Cybersecurity Resilience

Cyberattacks are becoming a more consistent part of the nightly news. First, there was SolarWinds, then Colonial Pipeline, and more recently JBS Foods. For any organization connected to the internet, it is only a matter of time before becoming a target.

It doesn’t matter if the target is a multi-billion dollar enterprise or a small business operating in northwestern Indiana, cybercriminals will take advantage of any vulnerabilities they can find. So how does a company protect itself against the ever-growing number of cyber threats?

Understanding the Landscape

Unless companies are aware of what is happening in the world of cybercrime, it isn’t easy to formulate the right measures to protect themselves.  Over the last decade, the face of cybercrime has changed, and so have the attack methods.

Organized Crime is in Cyberspace

Many individuals may still view hackers as lone wolves, hiding in basements.  Those days are long gone.  Cybercriminals are organized into groups that allow them to increase their attack range and boost their financial gains.  Cybercrime has become a business where bad actors look for opportunities that present a positive return on their time investment.

These cyber cartels often enjoy protected status in some jurisdictions such as Russia, Iran, or China. This status enables them to operate with impunity. In fact, some governments view these cybercriminals as assets that need protection. Without global cooperation, it’s impossible to capture or prosecute such criminals.

It’s More Than Ransomware

In 2020, ransomware attacks had grown by 40%, although overall malware attacks dropped.  The Ryuk attack increased by nearly 35%, and attacks on IoT devices rose 30%.  With the rise in IoT attacks, hackers are expanding their attack surfaces to locate more vulnerabilities.

Companies may feel safe from ransomware attacks if they have backups of their systems; however, backups are no longer enough.  The latest ransomware operates differently.  The malware first attacks the endpoints and servers on a system, making sure any backups or restore points are compromised.  Then, they launch the ransomware.  Unless the software is stored offline or offsite, companies have no choice but to pay the ransom.

Ransomware attacks are no longer just blocking access to data. They are now extracting data before launching an attack. Using that stolen data, they try to extort money by threatening to post the stolen data on the dark web or notifying the victims of the stolen data of the breach. These methods are used to apply added pressure on their targets.

Supply Chains Are Next

The SolarWind breach highlights the vulnerabilities in supply chains.  No matter how small the enterprise, companies are connected to suppliers.  Service providers such as accounting, payroll, or legal firms use software to conduct business.  That means they receive updates from those software providers.  If those providers have weak security, hackers could use their system to get to others, much as they did with SolarWinds.

Cyber cartels have moved from robbing companies of their digital assets to invading their infrastructure to maximize disruption and damages. That’s why it is essential for businesses to build defenses and establish procedures to mitigate risk if an attack is successful. Improving cyber defenses must be a focus for every organization up and down the supply chain.

Building Resiliency

Cybersecurity is not just about defending against attacks, but it is also about building resiliency. Cyber resilience measures an enterprise’s ability to continue working while attempting to prevent, detect, control, and recover from threats against its data and IT infrastructure. It’s about making cybersecurity more than a technical issue. It’s about making it a business issue.

Businesses rely on technology. The more dependent they become, the greater the impact on their survival should a cybersecurity event occur. By shifting the focus to resilience, companies begin to establish partnerships across their enterprise that make it easier to withstand cyber threats. The first step in building resilience is to look at the chief security officer (CSO) as an essential position that reports directly to senior management.

Having a CSO

Companies need CSOs reporting to senior management to facilitate a more collaborative culture for protecting their infrastructure, data, and applications. Changing the reporting structure establishes the value cybersecurity has for an organization. Security is no longer something IT takes care of; instead, it becomes something corporate executives care about. It becomes an essential part of a business strategy. With that level of exposure, CSOs can implement best practices such as the following with confidence:

• Educating Employees. People use weak passwords, share credentials, and click on links without thinking. Any of these actions can compromise a system. For example, 94% of ransomware is delivered by email. Employees should be reminded of security precautions and receive ongoing training on recognizing and reporting possible cyber threats.
• Maintaining Offsite Backups. Having a local backup helps when a file or application needs to be restored; however, that is no longer adequate to protect against a ransomware attack. A CSO can work with IT to develop a backup strategy that protects against possible attacks.
• Monitoring the Network.  CSOs can identify cybersecurity tools to help monitor and protect a network. There are anti-virus solutions, vulnerability test tools, and automated solutions that can improve network monitoring. With more organizations moving to a hybrid work environment it’s vital that network monitoring become more comprehensive. A company’s network is no longer centralized; in fact, it may be distributed throughout the world.

As threats multiply, having a CSO who is part of the executive team ensures that business decisions include cybersecurity strategies.

Investing in Cybersecurity

To keep up with the growing sophistication of cyber cartels, companies will need to make smart investments in technology. Yet, those investments cannot add to the complexity of operations and increase the burden on already understaffed IT departments. That’s why having a comprehensive view of cybersecurity ensures that technology investments integrate with the existing and planned infrastructure.

In addition to technology investments, organizations need to develop governance strategies that can enhance security throughout the enterprise and increase data protection. This effort may require investing time and resources to put documented processes in place. It will require testing of those processes to ensure operability.

Not all organizations have the internal resources to build cybersecurity resilience. Looking to a managed service provider such as Schilling IT can provide the resources needed to secure a company’s digital assets. As cybersecurity threats increase and businesses’ technology dependence intensifies, finding a partner to help build the resilience needed for survival becomes a critical strategic decision. Contacting Schilling IT can be the first step.