[BreachExchange] Identifying and Overcoming Cybersecurity Risks: 5 Steps

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jun 19 19:48:44 EDT 2017


http://www.datacenterjournal.com/identifying-overcoming-cybersecurity-risks-5-steps/

Like it or not, modern businesses are placing themselves in the firing line
if they fail to take action to protect themselves from attackers. The recent
global ransomware outbreak showed how important information security is to
business. The cost to organizations, including the U.K.'s National Health
Service (NHS), is estimated to run into the billions.

WannaCry was the name given to the ransomware worm that spread through a
flaw in Windows' SMBv1 file sharing, hitting machines that had not been
patched against it (most victims ran Windows 7, not only Windows XP as is
often reported). Users logged on only to face a ransom demand, a countdown
timer and a Bitcoin wallet address for paying the ransom. Thousands of NHS
patients were affected as hospitals lost access to their records, with
appointments cancelled and some procedures halted.

Many SMBs don't understand the extent to which their data is at risk, and
those who do often don't know where to start in addressing the problem. In
2015, the U.K. government issued a press release urging businesses to plan
for cyberattacks. The accompanying research found that as many as 90% of
big businesses and 74% of SMBs had experienced an information-security
breach.

Even so, a large proportion of small-business owners don't pay the danger
much attention, perhaps failing to realize that something as innocent as a
social-media post or a USB stick left in the wrong place can be enough to
bring down their whole organization. If you're in this group, you should
start reviewing the risks and putting security procedures in place. This
guide gives you a starting point, with five steps you can implement right
away to improve the safety of your company.

1. Find risks and make a note of where they are.

The starting point for securing your company from cyber threats is to
identify where they are through a full risk assessment. This step will show
you what your company possesses that may be of interest to a cyber thief.
Remember that customer data is often the most important thing to protect:
although the direct cost of losing it may be small compared with research
data or intellectual property, you're likely to lose more through fines and
lawsuits. Furthermore, the damage to your public image and the loss of
customer trust can take years to repair.

Consider all your company's data, as well as where it comes from, where
it's stored, who has access to it and what security procedures they must go
through to reach it. Are these measures secure enough? Do you use
two-factor authentication (a second proof of identity beyond the password)?
Are your people trustworthy? Do you have strict protocols, policies or
automated restrictions in place to protect your networks, email and other
systems? Do you encrypt data on your network and on the devices that hold
it, and do you wipe or destroy the disks of old computers before disposing
of them? You should be asking yourself all these questions.

If your employees use their personal laptops and phones at work, you may
want to enact a written policy that bars activities which compromise the
security of your systems. If they use company-provided devices, you may
need rules about what they do with those systems at home or how they use
social media at the office. Regular staff training on digital security is a
must for any organization.

2. Keep track of both internal and external hazards.

Once you've identified and documented where you may be at risk, the next
step is to focus your attention on those who may want to compromise the
security of your business. It's useful to learn about the kinds of
cybercrimes that may threaten you, and how they're typically carried out,
so you can better protect yourself. Cyber criminals come in all shapes and
sizes, and although you're more likely to be under threat from attackers
outside your organization, often in another country, there's also a risk
from people inside it.

One danger is “undercover hackers,” who join companies to gain easy access
to their security systems and to steal data. An unscrupulous employee may
also be willing to help cyberattackers in exchange for a share of the
financial reward. Or perhaps a staff member who feels wronged wants to
bring the business down. This situation is rare, so you need not constantly
look over your shoulder or analyze every word uttered in the staff kitchen,
but it’s important to be aware of this threat.

3. Identify where your systems are vulnerable.

Now you should have a clear idea of who might target your business and
where they are, and you should have taken stock of the assets that may
attract these attackers. Next, you must find any weaknesses in your data
security before they do. You can use various methods to analyze the
security of your systems and networks, and some of them are free. A
vulnerability scanner checks your hosts and applications against a database
of known, published weaknesses, and patch-management tooling keeps your
software up to date so that those weaknesses get closed.

An intrusion detection and prevention system (IDPS) complements a firewall
rather than replacing it. Where a firewall allows or blocks traffic by
address, port and protocol, an IDPS inspects the traffic itself for
signatures of known attacks and for anomalous behaviour, including activity
that originates inside your network. As the name suggests, the prevention
side can also block a connection when it matches a known threat.

Penetration testing is another useful way to keep your systems secure, and
you should commission it regularly and after major changes. A penetration
test mimics an attack in order to check your IT systems and networks for
weaknesses that a cyber criminal could exploit. Penetration-test reports
also offer remediation advice that will help you reduce the risk of a
breach.

4. Determine the impact of threats and how likely they are to occur.

A business-impact analysis can help you identify the likely outcomes of
various kinds of cybersecurity breaches. Such a breach could have
implications that go beyond financial loss. Your operations may be
disrupted while you recover from the incident and put new measures in place
to protect yourself from future attacks, and any damage to your public
image and reputation will have a serious effect on your relationships with
existing and potential customers, as well as the press. It's vital to take
this threat seriously: a widely cited figure, though one whose origin is
disputed, holds that 60% of small companies cease trading within six months
of falling victim to cybercrime.

Different types of attacks will affect different people in your
organization, and the scale of an attack will determine whether
company-wide procedures and protocol changes are necessary or whether a
local team can address the situation. Have a business-continuity plan in
place to prepare for and deal with any issues that may arise. Alongside it,
have a cybersecurity incident-response plan that says who does what in the
first hours of a breach.

5. Prioritize risks and start resolving them.

Now that you know what you might be losing and how you’re likely to come
under attack, you should be able to identify your most pressing security
issues. Start by drawing up a list of priorities and work through them one
by one, putting in place the necessary measures to keep your business as
safe as possible. You should extensively test any changes you make to
ensure they’re working and they don’t hamper your operations. Some of these
steps may require outside assistance; plenty of IT service providers can
work with you to keep your systems secure.
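Steps 4 and 5 are, in practice, a risk register: each asset and threat pair gets a likelihood and an impact rating, the two are multiplied, controls already in place are credited, and whatever still scores above your tolerance goes to the top of the list. The Python below is an added example written for this page, not code from the original article. Every asset name, threat, rating and control effect in it is constructed sample data, and the LEVELS, CONTROLS and band() thresholds are assumptions a real assessment would replace with its own.

```python
"""Risk register: score each asset/threat pair by likelihood x impact,
credit controls already in place, and rank what to fix first.

Added example for this page, not the article's own code. All asset
names, threats, ratings and control effects are constructed sample data."""
from dataclasses import dataclass, replace

# Qualitative ratings mapped to 1..4 so that score = likelihood * impact.
LEVELS = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Hypothetical controls and how many levels each knocks off, as
# (likelihood_reduction, impact_reduction). Assumed values for the example;
# your own assessment supplies the real ones.
CONTROLS = {
    "mfa": (1, 0),              # a phished password alone no longer works
    "disk_encryption": (0, 2),  # a lost laptop no longer exposes its data
    "patching": (2, 0),         # closes the known hole a worm needs
    "offline_backups": (0, 1),  # ransomware hurts less if you can restore
}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: str        # key of LEVELS
    impact: str            # key of LEVELS
    controls: tuple = ()   # names from CONTROLS already applied


def inherent_score(risk):
    """Score before any controls are considered (1..16)."""
    return LEVELS[risk.likelihood] * LEVELS[risk.impact]


def residual_score(risk):
    """Score after the applied controls; neither factor drops below 1."""
    dl = sum(CONTROLS[c][0] for c in risk.controls)
    di = sum(CONTROLS[c][1] for c in risk.controls)
    likelihood = max(1, LEVELS[risk.likelihood] - dl)
    impact = max(1, LEVELS[risk.impact] - di)
    return likelihood * impact


def band(score):
    """Map a 1..16 score back onto qualitative language (assumed cut-offs)."""
    if score >= 9:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def apply_control(risk, control):
    """Return a copy of the risk with one more control credited."""
    if control not in CONTROLS:
        raise ValueError(f"unknown control: {control}")
    if control in risk.controls:
        return risk
    return replace(risk, controls=risk.controls + (control,))


def prioritise(register):
    """Highest residual risk first; ties broken by asset name."""
    return sorted(register, key=lambda r: (-residual_score(r), r.asset))


def needs_action(register, threshold=6):
    """Risks whose residual score is still at or above the tolerance."""
    return [r for r in prioritise(register) if residual_score(r) >= threshold]


# Constructed sample register for a small business (not from the article).
REGISTER = [
    Risk("customer database", "credential phishing", "high", "critical"),
    Risk("staff laptops (BYOD)", "lost or stolen device", "medium", "high",
         controls=("disk_encryption",)),
    Risk("file server", "ransomware via unpatched SMB", "high", "high"),
    Risk("public website", "defacement", "low", "medium"),
    Risk("retired PCs", "data recovered from discarded disks", "low", "high"),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        s = residual_score(r)
        print(f"{s:2d} {band(s):8s} {r.asset}: {r.threat} "
              f"(controls: {', '.join(r.controls) or 'none'})")
    print("still needs action:", [r.asset for r in needs_action(REGISTER)])
```

Two things the run shows that the prose does not: a control credited in the register (disk encryption on the laptops) drops that item from "high" to the bottom of the list, so the ranking reflects what is actually in place rather than the raw threat; and adding a single control to the top item (MFA on the customer database) leaves it at 8, still above the tolerance of 6, which is the "test any change you make" step of the article expressed as a number rather than a feeling.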

Although they most likely have your best interests at heart, don't forget
that your employees are still the biggest source of risk to your IT
security. This doesn't mean they're out to ruin your company, but because
they don't necessarily understand the technology they use or the threats
against it, regular training is necessary to keep them up to date on the
latest risks and aware of why avoiding them matters. Having staff read and
sign policies that document best practices is another way of encouraging
safe behavior and ensuring accountability.

You can never guarantee that you’ll be completely safe from cyberattacks,
so it’s important that you’re well prepared should the worst happen. Make
sure everyone in your organization is aware of the risks and knows exactly
how to respond. This process includes ensuring they have received the
training and resources they require to succeed in this task.