6 simple steps to fight off cyber attacks
Many medium-sized enterprises feel threatened in the wake of recent ransomware and hacking attacks on Australian firms and global companies.
If well-known brands are attacked and breached, how can smaller organisations defend themselves? Does it mean that medium-sized firms face even greater risk? And if it does, what can they do about it? Some of these tips might help your firm weather the cyber security storm.
1) Where should SMEs invest money for their tech security?
Legacy antivirus has long been a staple of security but the market is now seeing a natural evolution to next-generation antivirus. Mid-sized firms should look to upgrade away from ineffective, signature-based legacy AV to an NGAV solution that can provide visibility across the enterprise. It’s critical for both SMEs and large businesses to know what’s going on with their business and NGAV can help provide that visibility.
2) What are the priorities?
Mid-sized firms should look to protect their most valuable assets, which more often than not revolve around data. It’s very rare that attackers are able to access data directly. Most often they look to compromise endpoints and specific accounts.
The best investments mid-sized firms can make to protect access to endpoints are implementing an NGAV solution and protecting accounts through multi-factor authentication.
These investments will be well worth their implementation time and provide a significant return on investment. Several layers of defence are best: free two-factor authentication for email will make it harder for attackers to gain access to corporate emails, while anti-phishing-based email services can weed out malicious messages from staff inboxes before staff are exposed to them.
3) What security weaknesses do mid-sized firms have that larger companies tend not to?
The biggest security weaknesses for mid-sized firms often result from their limited resources, both financial and personnel, compared to their larger peers. The cost of implementing above-average security often exceeds the budget of smaller firms.
The reality is that as these businesses grow, their costs also increase. Security skill-sets can be tough to come by and are often expensive. Very few capable security professionals are willing to be the lone security person on staff.
If mid-sized firms don’t have the money to hire robust security staff, they may feel hamstrung. However, there are a number of free and cost-effective solutions, such as NGAV, that SMEs can implement without having to break their budgets.
4) Should firms be updating their operating system?
Upgrading operating systems is certainly best practice but is not by itself a necessity. Merely updating the operating system should not be enough to help a business owner sleep better at night.
End-of-life operating systems such as Windows XP should be replaced with more modern alternatives, but merely updating the system to a currently supported version cannot be the only security measure implemented.
5) How should mid-sized firms protect from cyber attacks if they can’t afford a dedicated service?
Keep everything simple. Keep the environment simple and keep controls simple. Entropy differs across an environment. If a firm allows employees to bring their own devices, for example, infections may spread across the enterprise.
By keeping the environment homogeneous and implementing and sticking to security standards, smaller firms can go a long way to establishing good security hygiene from the start. They should leverage their smaller size as an advantage.
6) What can happen in the worst case scenario?
Mid-sized firms are built on their brand and reputation. Unfortunately, smaller businesses are unable to absorb the same brand damage associated with a breach that larger organisations can. A single compromise can have a much bigger impact and potentially cripple a smaller firm.
A single wire transfer that doesn’t come in because it was redirected to an attacker’s account has the potential to bankrupt the business. Although it’s not an extremely common occurrence, it’s certainly a fear that keeps managers awake at night.
Don’t panic!
This advice should help SMEs to feel more confident in their ability to defend themselves successfully in a world experiencing ever more cyber attacks. The fact that big brands are being successfully breached should not lead SMEs to feel that a breach is inevitable for them, or that they shouldn’t invest in defence.
The price is too high to overlook protection. Simple measures can be put in place to keep medium-sized firms secure.
Kane Lightowler is the Managing Director of Carbon Black in Asia Pacific & Japan. He has a decade of experience in Information Security, including hands-on technical, consulting and architectural review, penetration testing and business development.