Just the other day I got an email, allegedly from Microsoft, explaining that my password was about to expire, and I would lose access to my services unless I clicked the link to reset my credentials. Of course, this message was fraudulent and if there was any doubt, the domain the message was sent from didn’t resemble Microsoft in the least. But the message was clever enough to get past our filters and required that I think before I clicked . Given the volume of messages you are likely to receive in a day, and since 70% of the world’s email is spam or junk, it is not impossible to absent-mindedly click the wrong message and unleash all kinds of nastiness.
The frequency and audacity of cybersecurity incidents has grown exponentially in recent years. And as every “thing” becomes connected in our interoperable world, the need for a strong cyber defense strategy cannot be overstated. It is not a question of “if” your network will be the subject of an attack, but a question of “when” the breach will occur and what your response will be. Your network is being probed and confronted with new threats every minute of every day. Because you have deployed antivirus and malware detection systems, most bad-actors are denied access and the threat contained.
But it only takes one click on the wrong link or attachment to unleash a virus, ransomware, or other malware on your systems, your data and your users. A cybersecurity strategy is comprised of people, processes and technology. And of these the greatest risk is in the people. It only takes one person to not follow the process and defeat the technology.
This is a problem that affects organizations of all sizes. In fact, it has been estimated that one in five small businesses that are the target of a ransomware incident will not survive. There are a number of strategies and technologies that can be deployed before the unthinkable happens to your enterprise.
· Employ multiple layers of antivirus and malware detection, DNS monitoring, Firewall and Behavioral Monitoring. Like the multiple steel vault doors in the opening of “Get Smart” these tools reinforce one another and reduce the vulnerability of a single weakness.
· Operationalize security and compliance by making the process part of standard operating procedures. Like a fire drill, you hope you never have to use it, but the only way to know if you are prepared for an incident is to practice the response plan twice a year.
· Prepare and rehearse your incident response plan. Your IT and all other teams should have the information and training to respond and handle potential incidents. Other response components include: promptly identifying the incident and urgency; containment, eradication and recovery. Finally, don’t omit a postmortem to document lessons learned.
· Do not rely on a single back-up and Disaster Recovery strategy. Fortunately, technology has evolved to the point where it is affordable and practical to have back-ups to disc, to tape and to the Cloud. Not all applications and services are created equal. So, the speed of recovery and the point of recovery will vary depending on the application – month-end reporting does not have the same urgency as real-time transaction processing, for example. Disaster Recovery as a Service (DRaaS) is available and can ensure that your resiliency is measured in minutes or hours – not days.
We all know how technologists love their acronyms. A couple that are especially important to a discussion of cybersecurity are CISO and SOC. A Chief Information Security Officer (CISO) is an IT executive with ultimate responsibility over the policies and processes that safeguard the computing environment. In 2018, The Global State of Information Security Survey 2018 (GSISS), a joint survey conducted by CIO, CSO, and PwC concluded that 85% of businesses have a CISO or equivalent and 40% report directly to the CEO. Ask yourself who has the ultimate responsibility for your data, IT assets and computing environments, free of conflict of interests with the CIO or IT directors. An effective CISO is independent of the business and focused exclusively on the security of the computing environment.
SOC stands for Service Organization Control and SOC Audit Reports are intended to meet the needs of a broad range of users to provide detailed information and assurance about the controls at a service organization. Since your chosen service providers may well be relying on other service providers, such as Cloud Services, you may certainly require a SOC Audit to report on controls … relevant to security, availability, processing integrity, confidentiality or privacy (source: AICPA).
There’s a lot to know about cybersecurity and the steps one can take to prevent an incident or quickly recover from one that occurs. I urge every businessperson to learn more and ask hard questions about the preparedness of their enterprise. As Steven Smith, Founder and CEO of GCommerce said following their cybersecurity incident, “Believe me, no one wants to wake up to learn the news that their company is a victim of a malware attack. No one or no company should have to experience that. For that reason, we are planning to share what we have learned through this event in the hopes that we can spare someone else this experience in the future”.
As an effort to pay it forward, GCommerce hosted a webinar following their incident with their information security auditor and the CISO of Genuine Parts Company and DRiV Automotive. This informative conversation is available on demand at www.gcommerceinc.com/cybersecurity.
It may be inevitable that your enterprise will be the target of an attack one day. How well you survive and how quickly you fully recover is a direct biproduct of the technology, policies and processes that you put in place today.
