Cybersecurity tips to secure your business against attacks
In the 2019 President’s Budget, the White House advised that the US Government planned to spend $583.4 million (4.1% increase versus 2018) on cybersecurity. The percentage of security breaches has also increased by 11% since last year. Dealing with the consequences of an attack can be costly, with the average cost increasing from US$1.4 million to US$13.0 million. These attacks have become a global issue that affect large and small businesses indiscriminately.
What can you do protect your business?
STAFF TRAINING
The best way to prevent cybersecurity attacks is by providing adequate training to your staff. Verizon’s 2018 Data Breach Investigation Report revealed that in 2018 around 30% of corporate data breaches were caused by internal actors. Educating your staff to be able to identify phishing or social engineering attacks and protect your organisation against them is really important to ensuring the security of your business. Additionally, there is a real importance in making sure that your team are cybersecurity savvy; not leaving laptops or phones open to theft and ensuring accounts use strong passwords and two-factor authentication where possible are important cybersecurity policies to have in place.
SOFTWARE UPDATES & SECURITY PATCHING
When a software provider releases a new update of their product, it is usually in order to patch or upgrade an identified security flaw. In 2017, a ransomware attack known as ‘WannaCry’ affected over 230,000 computers worldwide. The hard-drive encrypting attack spread so rapidly due to the malware being combined with a leaked NSA hacking tool. The worm looked for vulnerabilities in public-facing SMB ports and deployed the malware into the connected network – leading to entire networks becoming infected. Following the attack, Microsoft released a patch to protect systems from similar exploits but it became evident that a number of organisations had not applied it. A subsequent attack, exploiting the same vulnerability occurred some months later – demonstrating the importance of patching. If organisations had not updated and patched their systems as a result of ‘WannaCry’, the subsequent ‘NotPetya’ attack would have been a lot worse.
THREAT MONITORING
There is no way of predicting when or where a cybersecurity attack may happen; meaning threat detection and threat monitoring software is really important to any small business. SIEM (Security Incident and Event Monitoring) software can help to identify threats. SIEM “analyses log and event data in real time to provide threat monitoring, event correlation and incident response – with security information management (SIM) which collects, analyses and reports on log data.” The three critical capabilities of SIEM include threat detection, investigation and time to respond (as identified by Gartner).
SENSITIVE DATA ENCRYPTION
Making sure sensitive data is secure can be the difference between a protected business and a business severely impacted by a data breach. Not only are there strict GDPR regulations around data and data privacy, the impact of a data breach or sensitive data becoming compromised can be disastrous for a small business. The easiest way to mitigate the risk is to ensure sensitive data is encrypted.
We’re currently collating our findings regarding the biggest cybersecurity attacks of 2019 and have another 3 months to go before we say goodbye to this year. You can view our run-down of 2018 and historic, here and here.