When it comes to cybersecurity, no information is safe and no industry is immune. 2017 was once again filled with data breaches – both big and small – that were financially damaging to those directly affected. Unfortunately, it has become increasingly easy for cybercriminals to spread malware or ransomware, to infiltrate networks, and to steal data.
For any company or business, it’s no longer a question of whether you will be attacked but when. Instead of panicking, companies need to take the necessary steps to survive and mitigate cyber attacks and data breaches, which should lead organizations to pose the question: How strong is our ability to secure our data, processes, and procedures?
For the first half of 2017, according to the Breach Level Index, healthcare was the hardest-hit sector in terms of the number of breaches. The healthcare industry experienced 228 breaches (25 percent of the total), with 31 million records stolen. The financial services industry suffered 125 data breaches with 5 million records stolen. Other industries totaled 53 breaches, with 1.34 billion records stolen. The financial impact of a cyber breach can have devastating effects on an enterprise. According to the Ponemon Institute’s 12th annual “Cost of Data Breach Study,” the average total cost of a data breach is $7.35 million in the U.S., which represents a five-percent increase over the previous year. Globally, the average total cost of a data breach in 2017 hit $3.62 million.
Approaches to Cybersecurity
There are many possible approaches that a business can take to mitigate cyber risks, each with its own set of best practices. One approach that has had only limited success is to delegate responsibility for cybersecurity solely to the IT department. Even using IT security best practices, this approach is unlikely to meet current needs because it does not cover all the potential attack vectors. A stronger approach is to implement a holistic program across the entire enterprise, from senior management up to the C-suite. This approach is far more likely to be successful, and it is the primary recommendation.
For the most effective programs, cybersecurity must have the attention of every employee, and should include not only general awareness training but also specific knowledge and procedures for each type of position. Here are a few of the recommendations that will help protect most organizations, organized by type:
1. Conduct staff training: Every member of the organization will benefit from basic cybersecurity education and awareness training. Many successful network breaches begin with a ‘socially engineered’ email that includes a link that downloads malicious software. Every staff member should be aware of these types of messages and on the lookout for them. Similarly, they need to understand and recognize phishing emails.
2. Practice good password hygiene: Establish and enforce a password management policy to ensure that passwords are changed regularly and default passwords are not used. No equipment should be permitted to keep the default passwords provided by the manufacturer. Current password best practices emphasize length over complexity – longer is better. Failed login attempts should be logged and limited, with accounts locked out after repeated failures.
3. Keep software up to date: It sounds simple, but it is critical to ensure that all software throughout the entire system, including firmware, is kept up to date at all times. If possible, automate this process.
4. Manage access privileges: Each type of network user – including administrators, operators, users, casual users, and visitors – should be assigned the rights and privileges necessary for their assigned functions, and no more.
All of these are basic components of a holistic approach to mitigating cyber risks that can help almost every organization. Many additional steps can be taken for specific circumstances, but these few are a strong starting point.
Testing is another key aspect of a cyber risk mitigation strategy. Testing procedures should include manual testing, such as interviewing all administrative personnel to confirm that every user is assigned a unique ID for access to system components and data. In addition, automated network testing can cover a range of checks, including periodic discovery of every attached device. Reports from such tests should include audit trails for all system components, recording the user ID, date and time, type of event, and more.
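The lockout rule from recommendation 2 (failed logins logged, limited, and locked out) and the audit-trail fields listed above (user ID, date and time, event type) can be combined into one check. The following is an added example, not code from the original article: it parses constructed audit-trail lines in an assumed `timestamp key=value` format, rejects records that lack the required fields, and applies an assumed sliding-window policy of five failures within fifteen minutes, writing each lockout decision back to the log so it appears in the audit trail. The log format, field names, thresholds and sample data are all assumptions chosen for illustration.

```python
"""Sliding-window failed-login lockout check over audit-trail lines.

Added example, not code from the original article. The record format,
field names, policy thresholds and sample lines are assumptions.
"""
import logging
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("lockout")

# Constructed sample audit trail (not real data). Three cases:
#   alice: six rapid failures          -> must be locked out
#   bob:   one failure, then success   -> counter cleared, no lockout
#   carol: six failures 30 min apart   -> never five inside a 15-min window
SAMPLE_AUDIT_TRAIL = """\
2017-06-01T08:00:01Z user=alice event=login_failure src=10.0.0.5
2017-06-01T08:00:05Z user=alice event=login_failure src=10.0.0.5
2017-06-01T08:00:09Z user=alice event=login_failure src=10.0.0.5
2017-06-01T08:00:12Z user=alice event=login_failure src=10.0.0.5
2017-06-01T08:00:15Z user=alice event=login_failure src=10.0.0.5
2017-06-01T08:00:20Z user=alice event=login_failure src=10.0.0.5
2017-06-01T08:03:00Z user=bob event=login_failure src=10.0.0.7
2017-06-01T08:10:00Z user=bob event=login_success src=10.0.0.7
2017-06-01T09:00:00Z user=carol event=login_failure src=10.0.0.9
2017-06-01T09:30:00Z user=carol event=login_failure src=10.0.0.9
2017-06-01T10:00:00Z user=carol event=login_failure src=10.0.0.9
2017-06-01T10:30:00Z user=carol event=login_failure src=10.0.0.9
2017-06-01T11:00:00Z user=carol event=login_failure src=10.0.0.9
2017-06-01T11:30:00Z user=carol event=login_failure src=10.0.0.9
"""

# Assumed record format: "<ISO-8601 UTC timestamp> key=value ...".
# Every record must carry a user ID and an event type; the timestamp is the
# first token. Records missing any of these are rejected as malformed.
REQUIRED_KEYS = {"user", "event"}


@dataclass(frozen=True)
class AuditEvent:
    when: datetime
    user: str
    event: str
    src: str


def parse_audit_line(line: str) -> AuditEvent:
    """Parse one audit-trail line; raise ValueError if a required field is missing."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    missing = REQUIRED_KEYS - fields.keys()
    if missing:
        raise ValueError(f"audit record missing {sorted(missing)}: {line!r}")
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return AuditEvent(when, fields["user"], fields["event"], fields.get("src", "?"))


def evaluate_lockouts(lines, max_failures=5, window_minutes=15):
    """Return {user: lockout time} for users who hit the (assumed) policy threshold.

    Policy: `max_failures` login failures inside any sliding window of
    `window_minutes` lock the account; a successful login clears the counter.
    Each lockout is itself logged so that it lands in the audit trail.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # user -> failure timestamps still inside the window
    locked = {}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse_audit_line(raw)
        if ev.user in locked:
            continue  # already locked: later attempts are ignored, not re-counted
        q = recent[ev.user]
        if ev.event == "login_success":
            q.clear()
            continue
        if ev.event != "login_failure":
            continue
        q.append(ev.when)
        while q and ev.when - q[0] > window:
            q.popleft()  # slide the window forward past stale failures
        if len(q) >= max_failures:
            locked[ev.user] = ev.when
            log.info("LOCKOUT user=%s at=%s failures=%d src=%s",
                     ev.user, ev.when.isoformat(), len(q), ev.src)
    return locked


if __name__ == "__main__":
    print(evaluate_lockouts(SAMPLE_AUDIT_TRAIL.splitlines()))
```

Run stand-alone it locks only `alice`; `carol` is the case the window matters for, since six failures spread over hours never reach five inside fifteen minutes, while widening the window to three hours would lock her as well. Rejecting records without a user ID is what ties the lockout logic to the unique-ID requirement: an account that cannot be named cannot be limited.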
Automating physical surveillance and security functions can be an additional method to mitigate cyber risks. For example, in addition to businesses, airports, municipalities, hospitals and mass transportation facilities have experienced video surveillance outages as a result of a cyber breach. Companies should implement an automated camera firmware update manager, which allows cameras to be updated automatically. This saves a significant amount of time otherwise spent manually updating each camera and also ensures that every camera is running the latest firmware.
In many enterprises, physical security and IT personnel monitoring a system in real time are no match for intense and relentless cyber-attackers unleashing botnets executing scripted attacks. Not only are humans incapable of keeping up with the sheer volume of incoming threats, but their ability to make quick and impactful decisions to manually address such attacks may not be enough to stop them. As a result, automation is becoming a powerful and an effective component of cybersecurity risk mitigation efforts.
Using automation to mitigate cyber risks offers several benefits, including streamlining of workflows to create an efficient environment. Not only does the organization become stronger in terms of security, but it also becomes more cost-effective, a point the C-suite will likely notice. Another benefit is fewer errors: humans are prone to them, whereas machines make far fewer. Automation removes the error-prone human element from some or all of the process.
Automation can also incorporate the use of video analytics, where security failures are automatically detected and corrected. That leads to a proactive approach to mitigating risks, versus simply reacting to events. In addition, automation enables data gathering with a more advanced type of analysis to solve a security problem. Lastly, with an automated system there is no doubt about compliance with various regulations, as the system is set up to monitor for issues that would violate security protocols. With the number of data breaches increasing each day, and the average annual cost of cyber-attacks reaching up to $400 billion for global enterprises, every enterprise needs an effective strategy to mitigate cyber risks. The key is to engage the C-suite and all employees, incorporate testing, and automate many security functions and equipment maintenance processes to create a strong line of defense that will outsmart hackers and stand the test of time.