By Jonathan Goldberger, SVP Security Practice, TPx
The increasingly dangerous security landscape is particularly concerning to businesses, as they face increasing cyberattack threats.
Instead of fearing the unknown, business owners should look at the environment as an opportunity to bolster their approach to security and better protect their business.
There are more than 4,000 ransomware attacks every day in the United States. Unfortunately, for many companies, it’s a matter of when, not if, they will be targeted.
Consider findings from the Identity Theft Resource Center’s (ITRC) 2021 Annual Data Breach Report, which revealed there were 45% more data compromises related to cyberattacks (1,603) in 2021 than all data compromises in 2020 (1,108).
But companies do not need to sit idly by and wait for the day a malicious actor sets their sights on them. Today is the day they should act and lay the foundation for security as the current threats grow more serious.
Consider cyber insurance.
While businesses carry various forms of insurance, such as liability insurance, businesses should consider another form. General liability insurance protects against bodily injury and property damage, and many business owners may believe these policies will also safeguard them from cyberattacks.
However, most policies will not.
In recent years, insurance companies have developed policies tailored to cyberattacks. These new policies protect businesses if they fall victim to a cyberattack, helping them mitigate losses from internet-based and information technology infrastructure crimes.
Estimates for the cost of a cyberattack vary, ranging from tens of thousands to millions of dollars. Regardless of the exact cost, companies should not resign themselves to the fact that they will fall victim to an attack and be forced to pay a bad actor; considering inflation and rising costs, it’s an expense no company needs.
While these policies have grown increasingly popular in recent years, business owners should recognize that not every company is eligible for a cyber insurance policy immediately.
Most policies require companies to undergo an assessment to ensure they have the baseline protocols in place. While this assessment will help companies be eligible for cyber insurance and policy discounts, it will also ensure they have deployed best practices.
Start by putting safety protocols in place.
Bad actors are increasing their attacks and not limiting their malicious intent to larger companies. Increasingly, they are targeting companies of all sizes, and often they will target smaller organizations and use that as an entryway to a larger, higher-profile target.
Key safety protocols include:
Multi-factor Authentication (MFA): MFA requires users to use two credentials to log in. Activating MFA makes it harder for cybercriminals with a stolen password to hack into an application. At a minimum, all administrators and executives with elevated access to systems and data should utilize MFA for systems and application access, including email. Ideally, all users utilize MFA for email and network access.
Encrypted Backups: Encrypted backups are critical to minimize downtime should a system crash due to a natural disaster or a security event. When these backups are hosted remotely and securely, companies can quickly reboot their systems and minimize downtime. Additionally, utilizing a backup solution running on an alternative to Windows operating system is another layer of protection against ransomware.
Endpoint Detection and Response (EDR): With the rise in hybrid and remote work following the pandemic, companies must ensure they protect their endpoints — such as computers, laptops and servers. EDR empowers companies to monitor, detect, and mitigate threats on employees’ devices regardless of where they work by focusing on the behavior of the malware and predicting nefarious intent.
Inbox Detection and Response (IDR): Endpoint protection from malware starts with EDR, but cybersecurity protection starts with the user. The more vigilant a user population is in identifying anomalies, the greater a network’s protection. IDR empowers users to flag and remove potentially malicious emails, thereby removing the malicious emails from all users’ inboxes.
Regular Patching: Irregular or delayed security upgrades can leave organizations vulnerable to an attack; patching requires companies to conduct a comprehensive inventory of available patches within their software and when fixes should be made. Prioritizing patch management helps companies reduce vulnerabilities that could lead to a breach.
Continuous Security Awareness Training: Humans are the weakest link of any security system, and upwards of 90% of successful breaches result from human error. Companies must employ continuous education and weekly phishing exercises to ensure their teams are actively vigilant. Security training is arguably the most significant action companies can take to protect themselves and provides the greatest return on investment.
These recommendations are the minimum endpoint focused controls an organization should incorporate. Some are simple and foundational (“regular patching”) while others are more modern and a shift towards empowering the user to increase corporate protection (inbox detection and response). All are needed in the era of ransomware because it isn’t a question of “will I be affected?”, it is a question of “when?”
About the Author
Jonathan Goldberger is the SVP Security Practice at TPx. Jonathan Goldberger is an accomplished Senior Executive with more than 25 years of success spanning security and technology roles. He has a diverse cyber-security experience leading consultancies at Cisco, Cybertrust and Sourcefire, sales engineering at Venafi and as General Manager Security Solutions at Unisys. In these roles, Jonathan managed teams as large as 200 and held P&L’s up to $70M.
Jonathan’s expertise extends across managed services and professional services with solutions incorporating intrusion detection and prevention, firewalls, endpoint protection, identity, data loss prevention, security incident and event management, orchestration and cloud security. Additionally,
Jonathan has worked with security frameworks like ISO 27001, NIST 800, FedRAMP and Zero Trust. Equally as important, Jonathan’s businesses have focused on helping Chief Information Security Officers communicate security to the board room.
Jonathan obtained his Bachelor of Science from The University of Alabama and has held board positions with local community-focused boards and advisory positions with the cyber-security companies Data Defense Security, Secure System Corporation and CionSystems Inc.