Dangers of Cyber Attack Have Increased During Pandemic
NEW ORLEANS – Cyber attacks are a constant occurrence. Even more worrisome, they have become more sophisticated, more destructive, and more expensive than they were just a few years ago. In the early days of ransomware, a typical attack consisted of encrypting files to render them useless and then demanding a ransom in the relatively low thousands of dollars for the key to decrypt them. If you had a reasonable backup solution in place, you could restore the encrypted files from backup, and the impact was a modest and manageable amount of lost data and productivity.
More recently, attacks often consist of not only encrypting files but also stealing them and threatening to expose sensitive information. Attackers now specifically target backup systems and attempt to encrypt, delete, or disable them so that recovery becomes much more difficult. And if you find yourself with encrypted files and useless backups, the ransom demand is commonly six figures.
Unfortunately, just as cyber-attacks are becoming both more common and damaging, many businesses are becoming more vulnerable. Remote access solutions are a common entry point for cyber-attacks, and with COVID-19 causing many people to suddenly work from home for the first time, hastily implemented remote access systems are easy targets, exacerbating what was already a serious problem.
Naturally, the question becomes, “What can a business do to protect itself?” The days of believing we can seal off our corporate networks and data from the outside world and never allow a user or computer to become compromised are long gone. A more modern approach involves validating each connection with something more trustworthy than a password. It prevents lateral movement in a network from compromising critical systems. It introduces new technology to detect when compromises happen. And it recognizes that compromises will happen and has a plan to respond.
While some technical controls are still beyond reach of most small businesses, there are also steps that every business can and should take to protect itself. Top recommendations include:
Multi-Factor Authentication
This is straightforward: all businesses should require multi-factor authentication on every system and application that is accessible from the Internet. MFA for email and MFA for remote access are no-brainers. If an application does not support MFA, that is a good sign that its developers are not serious about security and a good reason to move to something else.
Protect Your Backups
Since backups are being targeted, we must take extra steps to protect them. Step one is to use unique credentials for backup accounts. The compromise of any other user account should never give an attacker access to backups. Step two is to limit network access to backup files and systems. Backup files should not be accessible from anything other than the backup system, and the backup system itself should only be reachable when technically necessary. Step three is to incorporate immutable, offsite storage into your backup scheme. Even if an attacker gets full access to your network, immutable storage can prevent them from altering or deleting your backup data.
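The three backup controls above are easy to state and easy to drift away from over time. The following audit script is an added example, not part of the original article or any Bellwether tooling: it checks a constructed, hypothetical inventory of accounts and backup repositories for reused backup credentials, repositories reachable from anything other than the backup server, and the presence of at least one immutable offsite copy. The field names (`credential_id`, `allowed_sources`, `immutable`, `offsite`) are assumptions of this example, not the schema of any real product; a practitioner would populate the inventory from their own directory and backup-system exports.

```python
"""Audit a small environment against three backup-protection controls.

Added example; the inventory is constructed and the field names are assumptions.
"""
import ipaddress

# Constructed sample inventory. Each account records which credential it uses;
# a backup service account sharing a credential with a user account is a finding.
ACCOUNTS = [
    {"name": "alice",       "role": "user",   "credential_id": "cred-001"},
    {"name": "bob",         "role": "user",   "credential_id": "cred-002"},
    {"name": "svc-backup",  "role": "backup", "credential_id": "cred-002"},  # reused with bob
    {"name": "svc-backup2", "role": "backup", "credential_id": "cred-009"},
]

# Hosts that legitimately run backup jobs (constructed).
BACKUP_SERVERS = {"10.0.5.10"}

# Constructed repositories: who may reach them on the network, and whether the
# copy is immutable (write-once / retention-locked) and stored offsite.
REPOSITORIES = [
    {"name": "nas-primary", "allowed_sources": ["10.0.0.0/8"],   "immutable": False, "offsite": False},
    {"name": "cloud-vault", "allowed_sources": ["10.0.5.10/32"], "immutable": True,  "offsite": True},
]


def reused_backup_credentials(accounts):
    """Control 1: a backup account must not share its credential with any other account.
    Returns [(backup_account, [other accounts using the same credential]), ...]."""
    by_cred = {}
    for acct in accounts:
        by_cred.setdefault(acct["credential_id"], []).append(acct["name"])
    findings = []
    for acct in accounts:
        sharers = by_cred[acct["credential_id"]]
        if acct["role"] == "backup" and len(sharers) > 1:
            findings.append((acct["name"], [n for n in sharers if n != acct["name"]]))
    return findings


def overexposed_repositories(repos, backup_servers):
    """Control 2: a repository should be reachable only from the backup system(s).
    Any allowed source that is not a single backup-server address is a finding."""
    findings = []
    for repo in repos:
        for src in repo["allowed_sources"]:
            net = ipaddress.ip_network(src, strict=False)
            if net.num_addresses != 1 or str(net.network_address) not in backup_servers:
                findings.append((repo["name"], src))
    return findings


def has_immutable_offsite_copy(repos):
    """Control 3: at least one repository must be both immutable and offsite."""
    return any(r["immutable"] and r["offsite"] for r in repos)


def audit(accounts=ACCOUNTS, repos=REPOSITORIES, backup_servers=BACKUP_SERVERS):
    """Run all three checks and return a dict a reviewer can act on."""
    return {
        "reused_credentials": reused_backup_credentials(accounts),
        "overexposed_repositories": overexposed_repositories(repos, backup_servers),
        "immutable_offsite_copy": has_immutable_offsite_copy(repos),
    }


if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

On the constructed inventory the script flags `svc-backup` for sharing a credential with `bob`, flags `nas-primary` because an entire /8 can reach it, and confirms that `cloud-vault` satisfies the immutable-offsite requirement. The network check is deliberately strict: anything broader than a single backup-server address is reported, which matches the article's point that backup files should not be reachable from anywhere else.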
Next-Generation Endpoint Protection
Traditional anti-virus software uses signatures of known malware to identify an infection. So-called next-generation endpoint protection, which is now offered by all the major vendors, uses artificial intelligence to identify suspect behavior and stop it before major damage is done. And it works: a few dollars per device per month can easily be the difference between a crippling, company-wide shutdown and a non-event.
Prioritize and Focus
Though the cloud offers many benefits and is often an important component of cyber-defense, its decentralizing of corporate data also presents challenges. It is not uncommon for even small businesses to have dozens of different cloud applications and several cloud file storage repositories. The task of tightly securing all of them can be daunting, so start by identifying and focusing on those that contain the most operationally critical or private information. Consolidate important data to as few locations as possible. Audit and limit access to those locations only to those who absolutely need it. Add another layer of backup as an extra precaution. In short, once you get past the basics, take it one step at a time and use the criticality of data to set your priorities.
Cyber Insurance
Cyber-crime is lucrative, and some cyber-attackers are extremely sophisticated. Given the degree of interconnectedness we live with, no amount of protection is foolproof. For that reason, appropriate insurance is a basic component of cyber-defense. Aside from mitigating financial risk, cyber-insurance providers can be a valuable resource to validate your technical controls and to help with a response should the unthinkable ever happen.
Steven Ellis is the President of Bellwether Technology Corporation, which provides IT management and support services to more than 100 businesses and organizations. Bellwether is celebrating its 40th anniversary this year.