The speed at which hackers can take advantage of vulnerabilities that expose global systems and data is unprecedented. Almost daily, reports of cyberattacks on global companies and governmental organizations have prompted executives to review their cybersecurity policies and plans. Risks to information, privacy, reputation and business continuity are rising rapidly, yet not all companies have holistic strategies for preventing an attack or responding to reduce the damage. Establishing a cyber defense strategy from the inside out with careful planning is critical to minimizing risk and preparing for a security event.
Ransomware (malware that locks entire systems until a bitcoin ransom is paid) continues to cause losses of enormous swaths of sensitive consumer data and long periods of business downtime for many organizations. When a ransomware attack occurs, other costs, such as reputational harm, forensic investigation, and the restoration and deletion of hostage data and systems, can put long-term pressure on the business. Initial 2017 cost estimates of $5 billion have likely been exceeded by recent high-profile hacks.¹
Companies are realizing that technology that protects the perimeter, like firewalls, can’t be the only defense against cyberattack. A strategy for protecting data from the inside out by establishing regular routines and policies for managing both technology and content is crucial. The recommendation to take a holistic view of cybersecurity is not brand new, but many companies have not fully embraced the approach and have experienced attacks or now face serious risks. The United States Federal Bureau of Investigation released a series of recommendations that help protect systems and information from ransomware attacks. Their first suggestion is to establish a Change Management plan to make employees aware of their role, as outlined in “5 Step Organizational Change Management Process for Cyber Security Threats.”
Companies should create a plan to systematize Cyber Defense and Ransomware prevention into their policies, processes and IT protocols. Before embarking on these recommendations, it is key to put a Cyber Defense Governance Plan in place to define roles and responsibilities. It is also helpful to start by performing a sensitive data audit to identify the systems containing the most at-risk, sensitive or mission-critical data. The FBI’s recommendations are to:²
- Establish a patch response protocol and implement patches on operating systems, software, and firmware on all digital devices (which may be made easier through a centralized patch management system).
- Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
- Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
While these recommendations seem basic, implementing them across a geographically diverse organization can be complex and takes constant monitoring and planning. In addition, all divisions of the company should understand the risks of enabling or implementing applications or technologies connected to the network but not managed by a central IT governance plan.
In Part 2, we will talk about creating contingency plans to respond to the damage caused by a cyberattack.
1 Morgan, Steve. “Top 5 cybersecurity facts, figures and statistics for 2017,” Cybersecurity Business Report (blog), June 15, 2017, http://www.csoonline.com
2 “Cybercrime,” What We Investigate (blog), http://www.fbi.gov/investigate/cyber