When it Comes to Cyberattacks, Prevent, Detect, and Respond
Attack the Problem
By Sean Hogan
Over the course of my time as a business owner, I’ve been asked many times, ‘what keeps you up at night?’
In the early days, I would have said ‘payroll, employees, and sales,’ and maybe not necessarily in that order. Today my answer would be ‘cybersecurity.’
As things have advanced in technology, the web, connectivity, and social media, we have created an easy avenue to our data. Our exposure to hacking is one port away on your firewall, and in some cases, someone may have already breached that firewall.
Security practices of the past do not hold up against the complex attacks that constantly barrage the internet. It used to be adequate to have complex passwords and updated computers with all the patches and security updates. The hackers have concentrated on the lowest-cost and easiest way to infect your computers.
In most cases, it’s a phishing attack. Phishing attacks are e-mails disguised as messages from a reputable company, with a clickable link or some embedded malware. Malicious robot servers automatically churn out these e-mails by the thousands, and the cyberthieves lie in wait until some innocent victim opens the e-mail and clicks on the link or attachment. Before victims know it, their device and network are infected.
Many of these attacks are designed to install ransomware or access all your critical data. The ransomware will lock down the machine and encrypt your data. The attackers will then contact you and request bitcoin to release your data. Some hackers will pull your data, including contacts and personal information, and post or sell it on the dark web.
Hacking has evolved greatly within the past few years. In the early days, we would receive a letter from the Nigerian prince, looking to transfer $7 million to you just for good measure. Modern-day hacks and phishing e-mails are very complex; they quite often mimic FedEx, UPS, and customer e-mails so you are more prone to click on the bait.
The most successful program to prevent phishing attacks is training. There are several services that offer security-awareness training (SAT). When you sign up for this type of training, you will be taught what to look for in phishing e-mails and how to respond. The SAT will also include a ‘fake attack’ so you can measure the results at your business and use it as a teaching aid to guard against future attacks.
Businesses need to embrace a cybersecurity strategy. There are three categories to cybersecurity: protect, detect, and respond.
Ask yourself, do you lock your car? Do you lock your front door? Think of your connection (router) as your front door to the web.
Securing this device is the first step in preventing hackers from getting in. Not only should you have a best-in-class router, you also need to maintain the patches and security updates, so the unit does not fall to the constant attacks from the internet.
Beyond the firewall, you need to secure your ethernet switches and your wireless access points. Access points are an easy target for rogue hackers; they often log into a weakly secured access point, and once they have entered, they can navigate your entire network.
Most often, malicious attacks are delivered via e-mail. Logically, it is critical to have up-to-date anti-spam software, as well as antivirus and malware protection.
It is also critical to have current backups; best practices recommend a full on-site backup with a virtual cloud backup. It is crucial to know that your backups are tested; if you are backing up corrupted data, then your backups are useless.
Early detection can save lots of time and potential loss of data. Most breaches are not detected for more than 100 days after the breach. Once you detect a breach, you can contain and react to that breach. This raises the obvious question: how can you detect a breach?
There are several ways to go about detecting a breach within your system. The first is to engage a dark-web monitoring service. These services have ‘crawlers’ that are constantly scanning the dark web. They will scan for your company and personal information. When they find your data on the dark web, the service will alert you and let you know what that information is and where it came from, but don’t get your hopes up; you cannot remove your information once it is on the dark web. For instance, LinkedIn was breached more than 10 years ago, and if you had a LinkedIn account in that time frame, your username and password are available on the dark web.
It’s not a matter of if, but when, you will be a victim of a cyberattack. Rapid response to a breach or infection is critical, and the faster you respond, the sooner you reduce your exposure. In some cases, you will need a support team to assist in cleansing machines, loading backups, and scanning your network.
The proactive approach is to engage a security operations center. This is a team of security professionals that will monitor your network and devices. In the case of an infection or breach, the team will jump into recovery mode and secure your data.
Above all, it’s important to stress that cybersecurity is more of a culture than a service. Cyberattacks cannot be prevented, but they can be avoided by having the proper procedures and training. Cybersecurity requires awareness and the ability to eliminate your personal and company exposure. All the tools in the world won’t prevent someone from clicking on malware in an e-mail. It is important for a company to have a stable cybersecurity policy and program in place.
Don’t wait until you are hacked to implement a cybersecurity prevention and awareness program.
Sean Hogan is president of Hogan Technology, a full-service managed IT, structured cabling, and cloud-services provider; (413) 779-0079.