Cyber crime is here. What can businesses do to protect themselves?
“Today there are two kinds of businesses, those that have been hacked and those that will be,” says Sam Curry, Chief Security Officer at Cybereason. Curry even goes so far as to encourage businesses to foster what he describes as a ‘healthy sense of paranoia’, and perhaps he’s right.
By next year, cyber crime is predicted to double. It’s time for businesses to accept that they are more likely to experience a cyber attack than to avoid one… But where do they begin when combatting cyber strikes?
In 2016, the UK’s National Cyber Security Centre (NCSC) listed 10 Steps To Cyber Security to help organisations build up their cyber health. Here, we revisit the 10 steps in light of recent initiatives and innovations.
1) User education and awareness
According to Max Heinemeyer, Head of Threat Hunting at Darktrace, awareness is the most important part of building successful cybersecurity protocols. At the beginning of the year, the US National Counterintelligence and Security Centre unveiled a new corporate awareness campaign, sending information in the form of brochures and videos to privately held companies. Companies themselves have a responsibility to train their employees and customers to understand the threat from cyber criminals and to act in a way that reduces the chance of attack.
“The real weak link for any business is its employees that regularly fall victim to phishing scams, open attachments from unknown parties and visit suspicious websites,” says Curry.
2) Managing user privileges
Cybersecurity can be compromised by a lack of knowledge within teams, but also by having too many privileged accounts. In computing, privilege refers to control over a computer system. Those with privileged accounts can make important changes such as reading, creating, or deleting files. The more privileged accounts exist, the wider the scope for infiltration. Given these extra capabilities, hacking a privileged account is a considerable prize for cyber criminals. Monitoring the activity of accounts that already exist and limiting access can help to reduce the likelihood of hacks.
3) Network security
Building strong network security means avoiding unauthorised access and keeping the network contained. Information can certainly be shared with third parties, but only if it doesn’t compromise the integrity of internal networks. Companies should carefully consider the quantity and quality of any third parties or external influences. Network security vendors like McAfee provide cloud-empowered solutions that scale across organisations.
4) Monitoring
It might go without saying, but it’s easy to forget to keep an eye on everyday activity. Meticulous monitoring could be the difference between spotting suspicious activity and letting an attack go unnoticed. If networks are reliably and continuously monitored, it will be much easier to spot non-standard behaviour. Knowing what is normal for your organisation’s systems and analysing future performance against it is called ‘baselining’. In the past few years, machine learning has become a helpful tool for scanning network activity and returning real-time progress reports.
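Baselining in its simplest form, as an added illustration that is not part of the original article or of the NCSC guidance: learn each host's normal daily outbound traffic (median and median absolute deviation), then score new readings against it. The hostnames, traffic figures, seven-day minimum and 3.5 cut-off are assumptions made for the example.

```python
from statistics import median

# Constructed sample data: daily outbound traffic in MB per host over a
# two-week learning window. Hostnames and values are illustrative only.
HISTORY = {
    "hr-laptop-07": [410, 395, 430, 402, 388, 415, 420, 399, 405, 412, 397, 425, 408, 401],
    "build-server": [5200, 4900, 5100, 5300, 5050, 4950, 5150, 5250, 5000, 5100, 4980, 5120, 5080, 5210],
    "kiosk-01":     [12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12],
    "new-printer":  [3, 4],
}
MIN_SAMPLES = 7   # assumption: at least a week of history before trusting a baseline
THRESHOLD = 3.5   # assumption: a commonly used cut-off for the modified z-score

def build_baseline(samples):
    """Return (median, MAD) for a host, or None if the history is too short."""
    if len(samples) < MIN_SAMPLES:
        return None
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, mad

def score(value, baseline):
    """Modified z-score of a new observation against the host's baseline."""
    med, mad = baseline
    if mad == 0:
        # Perfectly flat history: any change at all counts as a deviation.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def review(history, today):
    """Classify today's readings as 'normal', 'anomalous' or 'no-baseline'."""
    verdicts = {}
    for host, value in today.items():
        baseline = build_baseline(history.get(host, []))
        if baseline is None:
            verdicts[host] = "no-baseline"   # new device: nothing to compare against yet
        elif abs(score(value, baseline)) > THRESHOLD:
            verdicts[host] = "anomalous"
        else:
            verdicts[host] = "normal"
    return verdicts

# Constructed readings for the day under review.
TODAY = {"hr-laptop-07": 2900, "build-server": 5300, "kiosk-01": 12, "new-printer": 250}
if __name__ == "__main__":
    for host, verdict in review(HISTORY, TODAY).items():
        print(f"{host:14} {TODAY[host]:>6} MB  {verdict}")
```

The build server moves far more data than the laptop yet is not flagged, because each host is judged against its own history rather than a single organisation-wide limit.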
5) Secure configuration
Secure configuration refers to the security measures that are created when building and installing computers and network devices. Configuration management verifies that these systems and devices are performing as they should, ideally without interference from malicious influences. The UK government’s Cyber Essentials Scheme advises businesses to remove and disable unnecessary software, unused accounts, and any auto-run settings that don’t ask for user authorisation. That way, even if a system or device has not been developed in-house, the user is informed about any background installations.
Secure configuration also necessitates user authentication, so that access to sensitive data is protected. As such, a major aspect of secure configuration is passwords. Regularly changing passwords, avoiding the same or similar arrangements, and limiting password attempts should be standard procedure.
6) Home and mobile working
Working from home or while travelling is more common than ever thanks to mobile devices and the spread of connectivity. Unfortunately, it presents a golden opportunity for cyber criminals. Hackers look for the weakest link in corporate networks. They could, for instance, hack into a company’s database through an employee’s less secure, remote connection. The NCSC suggests that businesses should come up with a mobile working policy that staff can adhere to when carrying out remote work. This might include only using a secure, password-protected connection, or avoiding the use of certain systems while using mobile data.
7) Removable media controls
Removable media like USBs, DVDs and hard drives present cost-effective and convenient data storage options. However, this convenience comes with a risk. Each time data is copied to a removable media device, there is a chance that it will be infiltrated by an external party. Access to removable media, and the extent to which it is used, should therefore be limited.
When it comes to digital media, malware can often hide in plain sight. Media files, such as photos or videos, should be scanned for malware before they are imported to a company’s system. Weaponised media content can take advantage of vulnerabilities in media players installed on target users’ computers.
8) Malware prevention
Scanning media files is just one way of preventing malware from entering an organisation’s network, but it requires effective anti-malware defences. These defences must protect the entire organisation to lower the chance of loopholes. Malware protection and antivirus software are available from a range of different vendors.
9) Set up a risk management regime
The NCSC states that companies should view cybersecurity risk in the same way that they view financial, organisational or legal risk. In order to achieve this, a cyber risk management regime should be embedded across the organisation. Often, strategies to improve performance can have the unintended side effect of creating cyber risk. Cyber risk appetite – in other words, how much the organisation is willing to compromise cybersecurity to meet their strategic aims – must be communicated to employees, contractors, suppliers and any other stakeholders.
10) Incident management
Finally, companies must establish an incident response protocol and disaster recovery capabilities. This should be tested and tweaked, evolving in light of changing cyber criminal trends. If a cyber attack or breach does happen, it should be reported to the authorities to spread awareness and maintain transparency.
The NCSC’s 10 Steps to Cyber Security provide a good guide for cybersecurity improvement across the business landscape. The cybersecurity threat is expected to intensify, but placing these considerations at the core of corporate strategy will make life much harder for hackers.
“We live in a world where businesses today have a much harder task of keeping adversaries at bay because of the increasing network attack surface that security teams have to monitor,” notes Curry. “As an industry we have come a long way and making cyber crime unprofitable for hackers is achievable if businesses use the right tools and deploy the right strategy.”