With all the current events happening in the world, there is a concern now that the level of cyber attacks will increase in the US. The government, through CISA (the Cybersecurity and Infrastructure Security Agency), has recently issued a “Shields Up” alert. Certainly, there is cause for concern, but let’s put this into perspective. Colleagues of mine in the know have indicated that generally the level of cyber attacks in the US has not increased as a result of the recent world events. The threat actors that people are worried about have other priorities right now that are consuming their resources. That is not to say that we may not see a substantial increase at some point, but this is where we are as of this writing to the best of my knowledge.
Now, with that said, businesses are in a scramble due to the cyber alert to get their cybersecurity in order. Now is not the best time to get started. The best result comes from incremental changes over time, so this process needed to start several years ago. Attempting to compress years’ worth of infrastructure and cybersecurity upgrades and strategies into a short period is potentially very costly and may be highly disruptive, as glitches will happen when you rush. Having said that, getting started now is better than continuing to do nothing.
Generally, you should not react solely based on current events. You should always be prepared for the worst. An incremental and proactive approach will yield the best results over time so you are always in the best position possible to weather cyber threats. Contrary to popular belief, it is not a matter of just having the best protections possible to keep the hackers out.
Protection is part of it, but it is not everything. If a hacker is determined enough and has the resources, they will get onto your network, particularly if they are a state or state-sponsored actor. You have to plan not only for protection, but also for what you do when the hackers get into your network. What then? What do you do? How would you know if they are even there? They could be lingering for days, weeks, even months, getting deeper and deeper, and you will not know until it is too late.
You need to have not only protection technologies running, like antivirus and firewalls, but also other tools and resources in place to monitor for signs of exploitation on your network, with the ability to take immediate action if a compromise is found. You need to know who you are going to call when the exploit happens. You need to have a cyber insurance policy in place, as these policies bring resources to the table for incident response, legal and other services. Consult with your cyber insurance agent for more information on specific coverages and exclusions.
The bottom line is to stick to the fundamental principles of cybersecurity – keep your systems patched and up to date, especially internet-facing systems. Incorporate multi-factor authentication wherever possible, especially on internet-facing systems and cloud-based services. Have anti-malware and other security software running in your environment. Restrict user access to only the resources they need and nothing more. Segment your network. Have backup and recovery solutions in place, test them regularly, and keep them separate from the rest of your network.
Have an incident response plan and a team of people in your organization who are assigned incident response roles, so that everyone knows who is doing what, and run regular practice sessions (called “tabletop exercises”) to simulate an incident. Implement security awareness training for everyone in the organization and make cybersecurity a part of your general organizational awareness and culture, so that it is always top of mind for everyone.
By no means is the above a complete list, but this will get you on the right path to better cybersecurity. Professional help may be needed to fully implement the best cybersecurity strategies for your organization.
The key point here is that you should not wait for an event to occur to start working on your cybersecurity. Cybersecurity preparedness is a continual process, 24/7, 365 days a year. You should always be prepared. Now, some businesses may be less of a target than others. If you are in what is considered a critical industry, then you may be more of a target than others and should plan accordingly.
Even if you are not, however, you may still be a target if you have such industries as customers or clients, as the hackers will get to them through you. Conversely, you should scrutinize your vendors as well, as hackers will get to you through them. Make sure they are following all of the cybersecurity best practices. Don’t be hesitant to ask them about it.
Cybersecurity is by no means set and forget. As I mentioned, while it is important to know what is happening in the world and how it can affect your cybersecurity planning, you should make cybersecurity a normal ongoing process in your organization so that you are always prepared. It is much like an individual taking care of their health. If a person does not do all the right things, they could get very sick and possibly die as a result.
If the person eats the right foods, does the proper exercise, etc., they may still get sick, but it will likely be mild and they will get over it quickly. It is no different with cybersecurity. If you follow all the cybersecurity best practices and make it an ongoing part of your organizational process, you may still get hit, but the impact will likely be minor and resolved quickly and your business will continue running.