Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East, elaborates on the mistakes to be avoided in this world of cybercrime.
The world of cybercrime is growing every day, every hour, every minute. Check Point Software Technologies, a leading provider of cyber security solutions globally, shows how fast the cyber threat landscape is evolving. Recently Check Point Research (CPR) reported that globally there are 40% more attacks per week on organizations in 2021 compared to 2020.
Not only are attacks on the increase, new hacking techniques are emerging all the time, such as the use of social engineering, where even experienced users may not recognize the hidden danger of malware in an otherwise genuine-looking message. In addition to the growing number of threats, the Covid-19 pandemic, which turned corporate life upside down, now presents another layer of danger from a cyber security point of view. With more and more employees working remotely, there are more potential points of entry to the company network for criminals. As priorities changed, the need to communicate with customers and colleagues in the virtual world was often seen as more urgent than the need for security.
However, the damage a successful attack can cause may run into millions of dollars while also inflicting untold harm to the organization’s reputation. Costly cyber-attacks have been widely reported in the media this year, so try to learn from the mistakes of others and, most importantly, try not to repeat them.
So, what should you be looking out for and what should you take care to avoid?
- It doesn’t apply to me. The first and biggest mistake is the notion that it couldn’t happen to you. Do not assume your organization has nothing of value that hackers are interested in. While there are some obvious high-value targets, nobody is immune or off-limits as far as criminals are concerned. Every organization has a value. Plus, in the cyber world, many attacks are automated, so they may not be aimed directly at you. That doesn’t mean you won’t get hit by a ‘stray bullet’. Additionally, nearly half of all cyberattacks are aimed at small companies.
- Threats have always been around and always will be, protection can wait, we have more important things to do now. The Covid pandemic has brought new challenges and tasks virtually overnight. Most organizations did not immediately prioritize security when transitioning to a remote working environment. Organizations quickly told employees to start working from home and made remote resources available. However, addressing security after the event opens countless windows for attack and increases the chances of poor implementation. Cybersecurity should be an integral part of every project and every change, right from the start.
- I don’t have to worry about anything, the IT teams will figure it all out. IT security is not just the responsibility of the IT team. Collaboration across the organization is key. Take security into account in budgets and business plans, and at the start of new projects. Make security a priority and address security at management levels. Training and education are important because every single employee is responsible for protecting the organization. There’s no point buying an expensive alarm system and then forgetting to lock the office door at night. A similar situation occurs when users give their log-in credentials to cyber criminals, via phishing emails, and leave the door open for criminals to get into the corporate network.
- We’ve implemented a security solution in the past, that’s enough. Cyber threats are developing at pace. Attackers are using artificial intelligence, and threats can be bought by amateurs on the darknet. Using any outdated technology can exact a heavy penalty. You can no longer deal with these emerging threats by waiting for them to happen and hoping to stop them at the gates of your organization. Detection alone is not enough; the key to protection today is prevention and solutions that extract threats and eliminate attacks before they can do any damage.
- Vigilant during the week, but weekends are for relaxing! Hackers never sleep. On the contrary, they wait for you to let your guard down so they can easily hunt down their weakened prey. Don’t think hackers take holidays and weekends off. The opposite is true. Be sure to beef up your security on those weekends and holidays, because a weekend attack won’t wait until Monday. After all, we saw this recently in the massive ransomware attack affecting over 200 companies that were compromised through Kaseya’s systems. Hackers chose the weekend to attack precisely because IT staff are often unavailable and organizations are more vulnerable.
- We’re in no danger and if something happens, we’ll improvise. In a successful attack, there’s no time to panic or think too long. Every second can make the difference, and for you it can determine whether the damage is in the hundreds of thousands or millions of dollars. It is essential to have a clearly defined incident response plan, with clearly identified procedures, responsibilities and contacts.
- We stopped the attack, that’s the end of it. The opposite is true. It’s just the beginning. If an attack does occur, it’s important to not only stop it, but also to thoroughly investigate why the incident took place. Investigate where the vulnerabilities are and how to improve security so the situation doesn’t happen again, and make sure all systems are now safe and in their original state. Prevention work after an attack is just as important as stopping it in the first place.
- There’s no rush, updates can wait. You might think that software updates will add a few features or some small things and that you don’t need them right now. However, updates also contain important vulnerability fixes, so never put off installing updates and patches.
- Everything for everyone. Especially with the increase of remote working, company executives may feel the need to give employees access to all resources. But the lack of segmentation can only lead to the threat spreading throughout the network and causing even more damage in the event of an attack. Only allow access to the part of the network that a given employee absolutely needs to do their job.
- The network is secured, that’s enough. Don’t forget that security is not just about servers and the network. Security is also essential for mobile devices, personal devices, and increasingly smart technology and IoT, such as cameras, smart watches, smart light bulbs or even sophisticated hospital equipment like an ultrasound machine. Anything with an internet connection can pose a threat, so approach the problem holistically.
Getting your security strategy right is a very sensitive issue. If you make security too strict and impose the toughest possible policies and rules, it won’t work. You have to take into account business processes, culture and working practices. If security makes employees’ working lives significantly more difficult, they will look for ways to get around everything and the originally good intention will be completely undone. So, there is a need to align all elements into one workable system. Don’t hesitate to enlist the help of external experts to help you fine-tune the whole gig.