Do you remember the first time you heard about a cybersecurity incident? It was in 2013 when Target stores got hacked and over 40 million credit and debit cards got compromised by some malware that was implanted in the Point of Sale system. Only three years ago in 2017 the personal information of 147 million people was stolen from the very organization charged with assessing and protecting our credit information – Equifax. And in 2020 GCommerce was the target of an incident that caused the aftermarket’s leading provider of electronic messaging (EDI) to be offline for more than 3 days.
The frequency and audacity of cybersecurity incidents have grown exponentially in recent years. And as every “thing” becomes connected in our interoperable world, the need for a strong cyber defense strategy cannot be overstated. It is not a question of “if” your network will be the subject of an attack, but a question of “when” the breach will occur and what your response will be. Your network is being probed and confronting new threats every minute of every day. Because you have deployed antivirus and malware detection systems, most bad actors are denied access and the threat is contained.
But it only takes one click on the wrong link or attachment to unleash a virus, ransomware, or other malware on your systems, your data and your users. I spoke with one executive who said that despite all the software, hardware and training they invest in, he has a policy of two strikes and you’re out for his users who click on the wrong e-mail attachment. A cybersecurity strategy is composed of people, processes and technology. And of these, the greatest risk is in the people. It only takes one person to not follow the process and defeat the technology.
This is a problem that affects organizations of all sizes. In fact, it has been estimated that one in five small businesses that are the target of a ransomware incident will not survive. There are a number of strategies and technologies that can be deployed before the unthinkable happens to your enterprise.
· Employ multiple layers of antivirus and malware detection, DNS monitoring, firewall and behavioral monitoring. Like the multiple steel vault doors in the opening of “Get Smart”, these tools reinforce one another and reduce the vulnerability of a single weakness.
· Operationalize security and compliance by making the process part of standard operating procedures. Like a fire drill, you hope you never have to use it, but the only way to know if you are prepared for an incident is to practice the response plan twice a year.
· Do not rely on a single backup and Disaster Recovery strategy. Fortunately, technology has evolved to the point where it is affordable and practical to have backups to disk, to tape and to the Cloud. Not all applications and services are created equal. So, the speed of recovery and the point of recovery will vary depending on the application – month-end reporting does not have the same urgency as real-time transaction processing, for example. Disaster Recovery as a Service (DRaaS) is available and can ensure that your resiliency is measured in minutes or hours – not days.
We all know how technologists love their acronyms. A couple that are especially important to a discussion of cybersecurity are CISO and SOC. A Chief Information Security Officer (CISO) is an IT executive with ultimate responsibility over the policies and processes that safeguard the computing environment. In 2018, The Global State of Information Security Survey 2018 (GSISS), a joint survey conducted by CIO, CSO, and PwC, concluded that 85% of businesses have a CISO or equivalent and 40% report directly to the CEO. Ask yourself who has the ultimate responsibility for your data, IT assets and computing environments, free of conflicts of interest with the CIO or IT directors. An effective CISO is independent of the business and focused exclusively on the security of the computing environment.
SOC stands for Service Organization Control, and SOC Audit Reports are intended to meet the needs of a broad range of users to provide detailed information and assurance about the controls at a service organization. Since your chosen service provider may well be relying on other service providers, such as Cloud Services, you may certainly require a SOC Audit to report on controls … relevant to security, availability, processing integrity, confidentiality or privacy (AICPA).
There’s a lot to know about cybersecurity and the steps one can take to prevent an incident or quickly recover from one that occurs. I urge every businessperson to learn more and ask hard questions about the preparedness of their enterprise. As Steven Smith, Founder and CEO of GCommerce said following their cybersecurity incident, “Believe me, no one wants to wake up to learn the news that their company is a victim of a malware attack. No one or no company should have to experience that. For that reason, we are planning to share what we have learned through this event in the hopes that we can spare someone else this experience in the future”.
It may be inevitable that your enterprise will be the target of an attack one day. How well you survive and how quickly you fully recover is a direct byproduct of the technology, policies and processes that you put in place today. And for goodness’ sake, when reviewing e-mail messages from outside your network of known contacts … when in doubt – throw it out.