Falling victim to a cyber attack from hackers is a painful experience that can come at any time without warning. The hard reality is that size or industry don’t make a difference when hackers are choosing their targets, and a company that pays scant attention to their information security exposes itself to the expanding menace of cybercrime. While these threats may not be clear or imminent, companies need to be prepared for the worst. This means investing in cyber security and having a plan in place for responding to and dealing with security breaches as they happen.
Preventing Third Party Breaches
We all tend to believe that nothing bad can happen to us…that is, until it does. With the threat of cyber attacks increasing daily, many organizations are still failing when it comes to adequately preparing themselves against this existential danger – more than 70% according to Chicago-based insurance company Hiscox.
Cyber breaches often come in the form of ransomware or DDoS attacks, with hackers exploiting internal weak points that are usually created by a company’s own employees. The widespread use of social media, with employees posting personal and professional information online, has made it much easier for hackers to use social engineering to penetrate organization databases. This is usually done through phishing scams, in which an apparently credible email with personal details is sent to an employee. After the unsuspecting victim opens the email, the company’s entire network becomes vulnerable to attack. Companies should also consider the potential impact of BYOD policies. It may be convenient and cheaper to have employees bring their own devices to work, but could open the company up to vulnerabilities that staff bring in from outside. The exclusive use of protected company computers and cell phones within the workspace can reduce the risk of security breaches substantially.
As the popular saying goes, attack is the best form of defense. That means investing in offensive security to test for weaknesses in networks and firewalls, a job often performed by penetration testers and information security analysts who continually simulate attacks against their own employer to snuff out gaps in security. On the defensive side, important data silos should be backed up continuously to avoid the threat of encryption and network security engineers should be used to build firewalls and properly encrypt company intranet and digital communications systems from outside interference.
Responding to Cyber Security Breaches
Several companies have come out recently saying their data was breached months ago but nothing was done because they didn’t see an immediate effect. In 2017, only 24 companies took it upon themselves to report breaches to the Securities and Exchange Commission (SEC). The response to this underreporting has been the release of new SEC guidelines on cyber security, building on existing rules and regulations which require companies to immediately report on and publicize cyber breaches, if and when they impact stakeholders materially. For a company that suffers a breach, the incentives to keep quiet may seem obvious at first. This is especially true if there seems to be no immediate threat.
Knowledge that an organization has suffered a data breach can lower trust among both customers and stockholders, leading to a potential downward spiral that could bankrupt a company and diminish the credibility of any organization. After all, as we’ve seen, companies are only required to report these incidents when it becomes clear that information has been stolen or damage caused. But after penetrating an organization’s security barriers, hackers may wait to strike at a later time. When they do strike, it could very well be through an unsuspecting third party server that has no idea it’s been compromised. Launching a counterattack against against a third party source could therefore be illegal and lead to criminal liability.
As the 2018 SEC guideline suggests, organizations should develop a plan of action to coordinate an effective response among all employees. Assessments to identify damage and how to limit it should be done immediately. As soon as a breach has been identified, the authorities should be informed with an updated damage report. By cross-referencing other reports, investigators can acquire leads that result in identifying the source and location of the hack. Staying up to date on cyber threats in your area or industry through Information Sharing and Analysis Centers allows you to pool resources with other companies, high level researchers and government agencies.