Cyber warfare is everywhere, and there’s breaking news on recent attacks hitting the headlines every week. Recently, Uber suffered a breach where the attacker shared sensitive data online. Of course, huge global businesses like this have a bigger target on their back, but there’s no doubt that cybersecurity threats are more prevalent than ever for businesses of all sizes.
The good news is that organisations and workers are more informed than ever and have all the tools to limit potential damage. But how should all this be put into practice?
At our recent Babble Live event at the Tottenham Hotspur Stadium, our cybersecurity partner, Acronis, offered advice on how businesses can manage their cybersecurity from start to finish, with a full cycle, four-stage approach. Here’s a recap of what we shared with delegates on the day.
Protection
We hate to throw out an old cliché, but sometimes the best advice is the simplest: prevention is better than the cure. This is pointing out the obvious in today’s world of digital natives, but the most important thing to do in any cybersecurity journey is limit threats before they are on your doorstep.
This firstly comes in the form of the right software, to detect and prevent malware and ransomware, and alert security teams to attempted breaches. This isn’t a one and done process – businesses should always be taking note of the latest developments in security tech and regularly updating their software to keep up with emerging threats. Other installations like VPNs and multi-factor authentication (MFA) are well worth investing in too.
It’s also essential that employees are trained up to identify and respond to cybersecurity threats themselves. We’re all more conscious of this than we were ten years ago, but regular training limits the possibility of human error – there’s only so much the advanced tech can do if someone’s naivety gets them into trouble.
Finally, backup to the cloud. If something does go wrong, whether that be a security breach or another incident that could take down your network, it is essential to have something to fall back on.
Detection
Now the scary bit. If all precautions have been taken and you still suffer a breach, you’ll need to act with urgency, but not panic.
Again, this feeds into preparing ahead of a breach, but a clear incident response plan will hugely streamline the process when things do go wrong – thankfully, the most recent Cybersecurity Breaches Survey showed 93% of businesses reported having some sort of formalised incident response process, a 27% increase on last year.
It is still up to organisations to ensure team members know where to start with this plan. All team members should know exactly where to turn when they need to. Whether it is an in-house team of experts or outsourced cybersecurity specialists, your team should have easy access to those who can help answer questions, identify issues and take necessary next steps.
It might not be obvious to many when a breach has occurred, but some identifiers of a compromised system include: strange activity in admin or privileged user accounts; irregular login attempts from different or unidentified geographies; unexplained changes in website traffic; or suspicious file changes. These are all indicators an IT security team should be ensuring show up on their security system.
Response
With a breach spotted and communicated to IT teams, the next stage of the response plan kicks into action. Though these plans vary from company to company depending on their needs, the first step is generally containment.
So begins a process of ‘quarantining’, whereby the scope of the incident is assessed and routes for spread are blocked off. For example, immediately disconnecting infected devices from wired and wireless connections is a good start, as well as widespread password resets. Meanwhile, IT should be checking their access controls.
Once contained, the process of eliminating the breach with anti-virus software and rebuilding can begin, with the replacement or reset of infected devices and reinstallation of the system. Finally, install, update, and run antivirus software.
Recovery
When systems are once again up and running, it’s important to closely monitor them to ensure no infection remains.
After any incident, it’s time to take stock, review what happened and see where lessons can be learned. Perhaps there is further action that can be taken to reduce the likelihood of it happening again, or it could be a case of once again reinforcing good practice across the business – either way, make sure your action plan is up to date with these important real-world lessons.
Increasing awareness and cybersecurity proactivity is great to see, but businesses can always invest more to keep up with ever more sophisticated attacks. So, make sure you’re always reading up on how to keep yourself and your business informed on the latest threats and the measures you can take to counter them.
