Cyber Self-Defense: Prepare for the No. 1 Threat By Taking These Five Steps 

Cyberattacks remain the number-one threat to organizations’ ability to keep their mission-critical operations running. Today’s post lays out five key measures your company should have in place to harden its computer systems and increase its resilience.  

The Relentless Rise of Cyberattacks 

Wars, heat waves, and inflation may come and go, but in today’s world, one thing seems constant: cyberattacks will continue to increase in numbers and sophistication.  

Chances are your organization has already been targeted by such an attack. If you’ve suffered a serious impact as a result of a cyberattack, you’re in good company. If you haven’t, you’ve been fortunate.  Either way, there is no time like right now to review and beef up your cybersecurity posture.  

Five Steps to a Good Cyber Defense 

In our experience, there are five measures every company should have in place to enable it to practice good cyber self-defense. 

  1. Identify habitual clickers and incentivize them to change their behavior. Most breaches begin with an employee clicking a link or opening an attachment in a phishing email that delivers malware, or being lured to an attacker-controlled website and entering their credentials there. At most organizations, most employees are good at not being taken in by these scams. However, almost every organization has a small group of habitual clickers: people who click indiscriminately on whatever arrives in their inboxes. Most organizations already know who these people are (phishing-simulation results and security-tool alerts make them visible), yet most respond in a wishful, passive manner: they send reminders to the entire workforce and hope for the best. That is an inadequate response to what could be an existential threat. Companies need to identify their habitual clickers (if they haven't already) and work with them directly, providing personalized training and incentives to change. The focus should be practical, not punitive. You might say, "You're at high risk of causing a malicious attack in our organization because you're having a problem distinguishing these emails. We want to help you." If the clicking continues, the organization needs to take steps to put a stop to it, for example by restricting what that account can open or reach. In this day and age, opening attachments from unknown senders, or unexpected attachments from known ones, is as dangerous as a jewelry store leaving its safe and outside doors open overnight, maybe more so, since one open door can give attackers access to the systems of an entire global organization. 
  2. Make sure the appropriate security technologies and processes are in place, monitoring is automated, and patches are up to date. Most companies do a reasonable job in this area: they have spam filtering, web filtering, and security monitoring tools. However, we see two common weaknesses. The first is that some organizations still rely on manual review of security logs. This is a mistake. Logs should be collected and monitored automatically, twenty-four hours a day, with alerts going out immediately when an anomaly appears (for example, a burst of failed logins followed by a success from the same source), so that staff can investigate and respond promptly. The second is the use of legacy software that can no longer be patched, leaving it exposed to current threats. There are many understandable reasons companies hang on to legacy software, but from the security perspective it creates a significant hole, one that threat actors actively look for. Where such software cannot be retired yet, at minimum isolate it on its own network segment, restrict who and what can reach it, and monitor it more closely than the rest of the estate. 
  3. Have a comprehensive, integrated security response plan. A good security response plan is more than a high-level sketch of what the organization will do in the event of a cyberattack. It sets out what the organization will do, how it will do it, how everyone will communicate (including an out-of-band channel for use when email or chat may itself be compromised), and how the different portions of the network can be segmented off to quickly isolate the intrusion and limit the damage. It should also integrate with the crisis management and IT/DR plans. 
  4. Establish a process that lets everyone at the organization reset their passwords quickly. A serious cyberattack might require that every existing password be reset. This protects the company, but it also locks out all of the employees, disrupting communication and preventing people from working. To ensure the organization can take this in stride, the IT department should set up and rehearse a process for resetting all passwords, including system, service, and admin-level accounts; credentials embedded in scripts, scheduled jobs, and integrations are easy to miss and will break when the account's password changes. The process must spell out exactly what each person is required to do, and how they will be told to do it if the normal channels are unavailable. 
  5. Develop the ability to rebuild your IT systems from scratch across the board. This is another measure that can become critical in the event of a serious attack. Such an attack might require the organization to shut down the IT environment and rebuild everything from scratch, a process that can take days or weeks. A plan should be devised that enables the IT department to do this as quickly as possible; it presupposes known-good installation media, configurations, and backups that were kept beyond the attacker's reach (offline or immutable) and whose restoration has actually been tested. A necessary adjunct of this plan is that the various departments need to be able to perform their mission-critical processes manually for as long as it takes to get the systems back up. This is especially important for payroll, time tracking, and stakeholder communication (e.g., with customers, vendors, and regulators). 
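The first measure above says most organizations already know who their habitual clickers are; in practice that knowledge lives in phishing-simulation exports. As an added example (not code from the original post or from MHA Consulting), the following Python script turns such an export into a list of habitual clickers and a triage order for personal follow-up. The CSV, the user names, and the thresholds (at least three campaigns received, clicks in at least two of them) are constructed assumptions to adapt to your own program.

```python
"""Find habitual clickers in phishing-simulation results.

Added example, not code from the original post or from MHA Consulting.
The CSV below is a constructed export in the shape many awareness
platforms produce (campaign, user, action); names and thresholds are
assumptions to adapt to your own program.
"""
import csv
import io
from collections import defaultdict

# Constructed sample: three quarterly campaigns, four hypothetical users.
SAMPLE_CSV = """\
campaign,user,action
2024-Q1,alice@example.com,sent
2024-Q1,alice@example.com,reported
2024-Q1,bob@example.com,sent
2024-Q1,bob@example.com,clicked
2024-Q1,bob@example.com,submitted
2024-Q1,carol@example.com,sent
2024-Q1,carol@example.com,clicked
2024-Q1,dave@example.com,sent
2024-Q2,alice@example.com,sent
2024-Q2,bob@example.com,sent
2024-Q2,bob@example.com,clicked
2024-Q2,carol@example.com,sent
2024-Q2,dave@example.com,sent
2024-Q2,dave@example.com,clicked
2024-Q3,alice@example.com,sent
2024-Q3,bob@example.com,sent
2024-Q3,bob@example.com,clicked
2024-Q3,carol@example.com,sent
2024-Q3,carol@example.com,reported
2024-Q3,dave@example.com,sent
"""

ACTIONS = ("sent", "clicked", "submitted", "reported")


def load_results(text):
    """Parse CSV text into {user: {campaign: set(actions)}}."""
    results = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(text)):
        action = row["action"].strip().lower()
        if action in ACTIONS:
            results[row["user"].strip().lower()][row["campaign"]].add(action)
    return results


def risk_profile(results):
    """Per user: campaigns received, clicked in, credentials submitted in,
    and reported, plus a click rate over the campaigns received."""
    profile = {}
    for user, campaigns in results.items():
        counts = {a: sum(1 for acts in campaigns.values() if a in acts) for a in ACTIONS}
        counts["click_rate"] = counts["clicked"] / counts["sent"] if counts["sent"] else 0.0
        profile[user] = counts
    return profile


def habitual_clickers(profile, min_campaigns=3, min_clicks=2):
    """Users who clicked in at least min_clicks of at least min_campaigns
    simulations. Requiring several campaigns avoids labelling someone a
    habitual clicker on the strength of a single lapse."""
    return sorted(u for u, p in profile.items()
                  if p["sent"] >= min_campaigns and p["clicked"] >= min_clicks)


def triage_order(profile):
    """Order users for personal follow-up: credential submitters first, then
    by click rate; among equals, those who never report rank ahead of reporters."""
    return [u for u, _ in sorted(
        profile.items(),
        key=lambda kv: (-kv[1]["submitted"], -kv[1]["click_rate"], kv[1]["reported"], kv[0]))]


if __name__ == "__main__":
    prof = risk_profile(load_results(SAMPLE_CSV))
    print("habitual clickers:", habitual_clickers(prof))
    for user in triage_order(prof):
        p = prof[user]
        print(f"{user}: clicked {p['clicked']}/{p['sent']}, "
              f"submitted {p['submitted']}, reported {p['reported']}")
```

With the sample data only bob is flagged: three campaigns received, three clicked, and one credential submission, which is why he heads the triage order. dave and carol each clicked once, so they stay below the threshold, but carol's reporting behaviour puts her behind dave for follow-up.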
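The second measure above calls for logs to be monitored automatically, with alerts raised the moment an anomaly appears. As an added example that is not part of the original post or MHA's own tooling, here is a small detector in Python that runs over constructed Linux auth.log-style lines and alerts when one source fails five logins inside sixty seconds, or succeeds after at least three recent failures (the shape of a guessing run that worked). The sample lines, the year assumed for the timestamps (syslog omits it), the thresholds, and the alert sink are all assumptions.

```python
"""Automated alerting on authentication logs instead of manual review.

Added example, not code from the original post or from MHA Consulting.
The log lines are constructed in Linux auth.log style; the year, the
thresholds and the alert sink are assumptions to tune for your environment.
"""
import re
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample: a password-guessing run that eventually succeeds,
# one ordinary typo by a real user, and one normal key-based login.
SAMPLE_LOG = """\
Jun 12 02:14:01 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Jun 12 02:14:03 web1 sshd[2313]: Failed password for invalid user admin from 203.0.113.9 port 51130 ssh2
Jun 12 02:14:04 web1 sshd[2315]: Failed password for root from 203.0.113.9 port 51134 ssh2
Jun 12 02:14:06 web1 sshd[2317]: Failed password for root from 203.0.113.9 port 51140 ssh2
Jun 12 02:14:09 web1 sshd[2319]: Failed password for deploy from 203.0.113.9 port 51151 ssh2
Jun 12 02:14:12 web1 sshd[2321]: Accepted password for deploy from 203.0.113.9 port 51160 ssh2
Jun 12 02:20:44 web1 sshd[2400]: Failed password for alice from 198.51.100.7 port 40012 ssh2
Jun 12 02:20:51 web1 sshd[2402]: Accepted password for alice from 198.51.100.7 port 40020 ssh2
Jun 12 03:01:10 web1 sshd[2555]: Accepted publickey for bob from 198.51.100.8 port 40100 ssh2
"""

Alert = namedtuple("Alert", "rule ip user at failures")


def parse(line, year):
    """Return (timestamp, result, user, ip) for an sshd auth line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(log_text, window=timedelta(seconds=60), burst=5,
           min_failures_before_success=3, year=2024, sink=None):
    """Scan lines in order and return the alerts raised.

    brute_force: one source IP fails `burst` logins inside `window`.
    success_after_failures: a login succeeds from a source that had at least
    `min_failures_before_success` failures inside `window`.
    `sink` (default: print) receives each alert as soon as it fires, which is
    where a real deployment would page the on-call analyst.
    """
    sink = sink or print
    recent = defaultdict(deque)      # ip -> timestamps of failures inside the window
    already_flagged = set()          # one brute_force alert per source, not one per extra failure
    alerts = []

    def raise_alert(*fields):
        alert = Alert(*fields)
        alerts.append(alert)
        sink(alert)

    for line in log_text.splitlines():
        parsed = parse(line, year)
        if parsed is None:
            continue                 # not an auth event this detector tracks
        ts, result, user, ip = parsed
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()              # slide the window forward
        if result == "Failed":
            q.append(ts)
            if len(q) >= burst and ip not in already_flagged:
                already_flagged.add(ip)
                raise_alert("brute_force", ip, user, ts, len(q))
        else:
            if len(q) >= min_failures_before_success:
                raise_alert("success_after_failures", ip, user, ts, len(q))
            q.clear()                # a success ends the failure streak either way
    return alerts


if __name__ == "__main__":
    detect(SAMPLE_LOG)
```

On the sample, 203.0.113.9 trips brute_force at its fifth failure and success_after_failures three seconds later when the deploy login goes through; alice's single typo followed by a successful login raises nothing, which is the point of the minimum-failure threshold. Feeding the same function a live tail of the log, and replacing the print sink with a pager or ticketing call, is what turns manual log review into the twenty-four-hour automated monitoring the measure asks for.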

Mastering the Art of Cyber Self-Defense 

The number-one threat to organizations' ability to carry out their mission-critical activities is cyberattacks, which have been steadily increasing in numbers and sophistication. Fortunately, businesses are not helpless in the face of this threat. 

By implementing the measures outlined above, your organization can take significant strides toward reducing its vulnerability to such attacks. By becoming proficient in the art of cyber self-defense, your company can enhance its resilience and better protect its stakeholders. 

Further Reading 

For more information on cyber defense and other hot topics in BC and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS: 


About
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.