October is cybersecurity month. It is a time dedicated to helping individuals and organizations focus on protecting their cyberspace by ensuring that the devices and platforms through which they access that space are properly secured with the right tools and, most importantly, the right attitudes and actions.
This write-up is dedicated to helping organizational leaders find out what they should do to protect their organizations from hackers and how they can keep the bad actors from doing damage if they break into the organization’s network.
There are only three things certain in life: death, taxes, and data breaches.
With data breaches and ransomware attacks on the rise and the global pandemic creating new opportunities for cybercriminals, it’s challenging to keep up with today’s potential security threats. A majority of today’s workforce is remote with access to corporate resources through virtual private networks (VPNs). The shift to remote work has resulted in more permissive VPN access policies and has created security risks that indirectly compromise corporate networks.
IT security teams are tasked to do more with less in making their company more secure. They are expected to keep up with day-to-day IT and security operations, find and keep skilled security talent, identify and fill security capability gaps, and maximize value from their security tools.
Important Data Breach Stats
Many security leaders struggle to get the adequate resources they need to prevent data breaches. Breaches are getting more sophisticated; it’s also taking longer to detect data breaches, and in the United States, they are getting more costly. For example, it takes 280 days to identify a data breach and the average data breach in the United States costs $8.64 million, according to the 2020 Ponemon Institute and IBM Cost of Data Breach Report.
A majority of data breaches, 70%, are caused by external threats, according to Verizon’s 2020 Data Breach Investigations Report. However, concerns over insider threats are growing, with 97% of IT security leaders worried about an insider data breach, according to Egress Software Technologies’ Global Insider Data Breach 2020 Survey.
Hackers Are Getting More Targeted, Sophisticated, and Patient
When hackers are successful in gaining access to your systems and networks, standard security solutions often “fail silently.” They can’t detect an intrusion and alert someone on the security team. Zero-day exploits occur on the same day the weakness is discovered in the software or firmware. Vendors don’t yet have anti-virus signatures for them, making them tough to detect without a vendor fix.
Additionally, advanced persistent threats (APTs) can be patient and resourceful in their efforts to evade defenses. Their goal is to steal information from enterprises over a long time period, rather than attacking and leaving quickly.
Hackers penetrate your network and don’t stop at the endpoint. They search for at least three days to identify the crown jewels of an organization such as mission-critical applications like SAP, Oracle E-Business Suite, and JD Edwards. The bad actors can move around in your IT environment to discover and encrypt important applications so they can demand higher ransoms and increase their profit.
Hackers often attack outside of normal business hours, such as late at night on the weekends. They launch their attack at this unusual time because they know response times will be slow and remediation will not be as fast.
10 Steps to Prevent a Data Breach
There are 10 important steps you should take to help prevent a data breach at your company.
Step #1: Develop a Comprehensive Strategy and Test It
It’s important to have a strategic vision for your security strategy and develop a comprehensive plan to meet that vision. Often IT security teams react to issues instead of creating a proactive strategy that meets the organization’s risk tolerance levels.
Then, make sure you have enough resources to meet that comprehensive strategy. Chief information security officers (CISOs) need to be as strategic as possible because no organization is 100% safe, secure, and protected.
Most organizations have defined and executed multi-faceted security strategies. However, they do not have the expertise in-house to test if their strategy is effective in preventing attacks.
Additionally, self-testing is like playing chess with yourself. It is challenging to see the gaps when you are playing both sides of the board.
Many audit standards require organizations to perform regular penetration tests of their IT infrastructure to ensure the effectiveness of corporate security policies and procedures. However, remember that just because you are compliant doesn’t mean you are secure.
Step #2: Gain More Visibility into Your IT Environment
With today’s advanced cyberthreats, it’s important to have a comprehensive and consistent framework for detecting, monitoring, managing, and protecting your network. With the average time for a company to detect an intrusion taking months, cybersecurity today requires a deeper approach.
To protect your organization from security threats, you need better network visibility and intelligence. In a constantly changing environment, it’s important to know what’s happening every day so you can be aware, detect an issue, and then prevent it from spreading.
One way is to use intrusion detection and prevention systems (IDPS). These systems reduce the risk of a security event, if set up properly. There are 10 key questions you should ask to make sure your IDPS is set up correctly.
Remember, if everything is fine in your environment, then something’s wrong. That’s how companies squander their IDPS investments. These systems can be finicky so it’s important to assign an experienced professional to configure and monitor your IDPS. And make sure they follow this IDPS checklist.
IDPS helps you stay in compliance with regulations and laws, including Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, and Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements.
You can be compliant but not secure. Compliance-focused requirements are static, while today’s security models are usually dynamic. The speed at which technology and cybercrime change makes it very difficult for current regulations to drive best practices in security.
Step #3: Stay One Step Ahead of the Hackers
A strong security posture is about continuously identifying, assessing, and remediating security risks and threats across your IT environment. You should prioritize your security threats and address them. A risk is something you are not doing, and a threat is something that can exploit that risk.
It’s no longer a matter of if you will experience a breach, but how often and how severely. Protect your company from today’s ever-evolving security risks and threats by developing a Vulnerability Management program.
Security is not a one-and-done activity. For example, Microsoft has Patch Tuesday, the second Tuesday of each month. They regularly release patches for over 100 Common Vulnerabilities and Exposures (CVEs), typically with a dozen or more categorized as critical. Oracle typically adheres to a quarterly Critical Patch Update (CPU) schedule, often comprising hundreds of patches. To coincide with Microsoft’s Patch Tuesday, SAP has a regular Security Patch Day.
Step #4: Work Smarter and Faster
With advanced, next-generation cybersecurity tools that prevent sophisticated attacks, using cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) guided by artificial intelligence (AI) and machine learning (ML), CISOs can speed up detection and response. It’s important to work smarter as cybersecurity practices change and hackers evolve their tactics for attacking.
Threats are evolving faster, so real-time monitoring is essential for security teams to react accurately and effectively around the clock. Cloud-based SIEMs such as Azure Sentinel provide intelligent security analytics and threat intelligence that help security teams work smarter and faster. One way to compensate for fewer resources is through smarter and more advanced cybersecurity technologies.
Step #5: Set Up a Security Operations Center (SOC)
It’s important to set up a SOC internally for future security incidents or partner with a managed services provider who has a SOC that can help you with security monitoring and management around the clock to reduce the risk of a breach. A SOC monitors user behavior and looks for unusual activity based on AI and ML, manages your exposure to vulnerabilities, and verifies and validates that security technologies such as SIEM, IDPS, and endpoint detection and response (EDR) solutions are working correctly, updated, and generating security alarms.
A SOC can help you validate your vendors using the National Institute of Standards and Technology (NIST) framework to ensure a strong security posture. Syntax’s security services are managed and monitored by our SOC 24/7. Our customers find this critical because it’s tough to acquire and keep security talent, and it transfers the heavy lifting of monitoring and managing security alarms or tickets to Syntax.
Step #6: Make Cybersecurity a Board Priority
The IT security team only gets five to six interactions with the board of directors a year. It’s important that each one of those interactions counts. Establish specific metrics or key performance indicators (KPIs) to measure your cybersecurity performance.
Are your vulnerabilities going up or down? What’s the return on investment on [insert name] security tool? When you brief senior management on cybersecurity, it’s important to lay out the strategy and actions taking place, so the board of directors is aware of its cybersecurity posture before a potential attack occurs.
Too many C-suite level executives and boards of directors don’t recognize or accept the high-stakes nature of data breaches and their impact on their companies. When it happens to a competitor, they may say: “that’s too bad for them—it will never happen to us.”
It’s like an insurance policy. You don’t like that you have to pay for it monthly, but when something happens, you are glad that you have it. Cybersecurity is the same.
Cybersecurity needs to be a board priority, and the company needs to know how much it will cost to mitigate security risks and how much a data breach could cost the organization. When IT security leaders have a problem, they need to approach the board with a solution and explain how they are going to address the problem. If your board of directors doesn’t know about your data breach preparedness, you have a problem.
Step #7: Train Your Employees on Cybersecurity
Schedule and conduct cybersecurity awareness training for all employees, including emphasis on potential pandemic impacts. Also, conduct phishing tests to ensure training “sticks” with employees. To protect your company daily, cybersecurity must become part of your company’s DNA, and the company must adopt a security-minded culture.
Cybersecurity must come from the top and must be embraced by all employees to be effective. With new threats and security emerging all the time, the sophistication of cybersecurity increases and so does a hacker’s response to find workarounds.
Step #8: Prepare for the Worst
With hackers becoming more sophisticated and targeted, it’s important to protect your company from a ransomware attack by investing in an EDR solution that provides advanced algorithms for detection and containment of ransomware.
Ransomware is a file encryption process that many popular anti-virus (AV) solutions such as McAfee and Symantec allow and that EDR solutions stop. There’s a lot of heavy lifting with EDR so consider hiring a third-party provider who can manage the solution in a Managed EDR model.
Step #9: Back Up Your Systems
Make sure business continuity and disaster recovery plans are up to date and include specific procedures. Too often, leaders view High Availability and Disaster Recovery (HA/DR) solutions as a “nice to have,” not a “need to have.” That’s both unfortunate and risky.
Leaving business continuity and operational resiliency to chance is a mistake few organizations can survive. For SAP, Oracle JD Edwards (JDE), or Oracle E-Business Suite (EBS) users, an outage of even a few hours can be crippling.
Many businesses look at traditional HA/DR solutions as desirable but unaffordable. Because of the high cost of “just-in-case” infrastructure and maintenance of redundant hardware, HA/DR requirements are often neglected. Fortunately, new cloud-based HA/DR solutions are becoming more popular because of their resiliency, flexibility, and scalability. Making sure your systems are backed up is a key area of security strategy and planning.
Step #10: Consider Outsourcing Your Security
Research shows that companies that outsource endpoint protection have lower malware infection rates. It’s important to work with a partner who has a macro and micro view of cybersecurity. As a hosting provider, Syntax can see the landscape for hundreds of companies.
Syntax is on top of the mountain; most companies are in their own valleys.
We can help companies with their cybersecurity strategy and implementation. Just like companies are getting out of the data center business, they are getting out of the security business. It’s important to know your core competency. If cybersecurity is not your core competency, outsource it.
Bringing It All Together
Cyber criminals can make thousands or even millions of dollars from one attack on an enterprise. With hackers becoming more sophisticated and targeted, it’s important to protect your company from an attack.
Discover how we can help you better secure your company. Download our ultimate guide to IT security and visit our resources page. You can also contact us today to find out how we can protect your company from data breaches with our Security Solutions and Services.