As discussed previously, cyber breaches have been on the rise over the last few years, especially among smaller businesses. The cause seems to be related to inadequate cyber security or inadequate resources to address the growing threat of cyber breach. In fact, 43% of cyber-attacks worldwide last year were against small businesses with fewer than 250 workers. Additionally, the average cost of a ransomware attack is approximately $840,000, not to mention the damage to corporate reputation in the marketplace.
Data Protection Trend Shifts
There have been various shifts in trends for data protection as outlined below:
- Innocent actions of employees to calculated malicious actions of cyber actors
- Revenge attacks to revenue generating ransomware
- Practical storage of data for business use to required safekeeping for compliance
So, where are the holes that need to be filled in your security fabric? How can you know at what level you may be vulnerable? The best answer is to have periodic security audits. Through these audits, or assessments, each layer of security is tested and monitored for indicators of cyber threat. Let’s review the layers of security and the questions that should be asked during/after an assessment:
Layers of Security
People. Personnel behavior is a function of both knowledge of technology and company policy. An assessment may reveal where employee education is lacking, both in the use of the technology and in the policy guidelines under which employees are expected to operate.
Perimeter. Are critical company assets kept “under lock and key” with limited access by appropriate personnel only? Are the assets in a conditioned environment suitable for operation during normal business hours?
Endpoint Protection. Are all devices, primarily servers and workstations, protected from cyber breach by appropriate cybersecurity software? Is the software up to date with the latest available patch or fix?
Networks. Are the networks protected from intrusion by appropriate firewalls and software? Are they monitored for anomalies in incoming and outgoing traffic? If anomalies are detected, do the monitoring tools raise an alert, or do they trigger activity from a Security Operations Center (SOC)?
Application layer. Has an appropriate security model been established within each application and vetted properly to demonstrate that only appropriate access has been given to the appropriate personnel for each functional role?
Data security layer. Has a security model (Active Directory/NTFS permissions) been established for files and folders, to limit access to only those users for whom it has been designated?
Mission Critical Assets. Have the critical assets required to operate the business (hardware, software, and facilities) been identified? Has a plan been developed for recovery of operations in the event of unplanned outages?
The best way to ensure all layers are addressed properly is to implement the Cybersecurity Core:
Patch Management. Operating system and application “bug” fixes
Security Updates. Releases from security providers that update protection against the most current threats
Business Firewalls. Limit which IP addresses are allowed to send traffic on the internal network
Secure Access. Controlling what users can access on the network based on functional roles
Back-ups. Routine, targeted backups of business-critical data and applications
Encryption. Embedding data in secured packets so that it cannot be read if intercepted by malicious actors
Monitoring. Regular, routine monitoring of network and alerting on traffic anomalies
Endpoint Security. Identifying and blocking network traffic recognized as malicious
After this, follow the cybersecurity essentials checklist: end-user self-assessment; DNS filtering; regular cybersecurity assessments (quarterly); end-user awareness training and testing; monthly dark web monitoring; and basic cybersecurity policies (annual review).
By performing security audits and ensuring that the core elements of cybersecurity are working in conjunction with the essential elements, a business can build confidence that its security posture is intact and performing as designed.