One area that can never be too clean is your cybersecurity strategy. As always, cyberattacks are a constant threat, according to the 11th and latest edition of the Data Breach Investigations Report from Verizon, which analysed 53,000 incidents and 2,216 breaches from 65 countries around the globe and published its findings at https://www.verizonenterprise.com/verizon-insights-lab/dbir/.
Of all the malware-related cases, 39 per cent contained ransomware, which has shifted in focus from single users at an organisation to a more widespread concern targeting critical systems and servers. Experts believe that ransomware is being used not just to collect ransom payments but as a disruptive mechanism to remove or destroy data and disrupt services, more in keeping with DDoS motives.
In contrast to what you might think, the report found that most of the breaches were perpetrated by outsiders, 72 per cent in total, with 50 per cent of those being run by organised criminal groups and 17 per cent by nation-state or affiliated groups. Only about 27 per cent were attributed to insiders, and 17 per cent of those were employee error with no malicious intention, so the insider threat isn’t as prominent as you might think. However, malware usually finds its way into your organisation via your users and, once in, spreads the same way, so protecting users should still be a key element of your defences.
With all this in mind, think about how you are protecting your firm, what protective tools you are using, and how vigilant your users are. This involves training them regularly and in an engaging way to help them spot the risks and potentially malicious links and attachments, and identify tricks and patterns associated with cyberattacks. In addition to user training and awareness, re-evaluate your IT estate to make sure you have the right tools in place to protect your data. The main way to protect against malware is next-generation anti-virus software which is kept up to date and is smart enough to recognise not just known threats but also patterns of behaviour or technical traits that are normally associated with malware.
Protect users at the endpoints too with endpoint AV, and look at new endpoint detection and response software, which combines elements of AV, network monitoring and malware remediation for a next-generation approach to endpoint protection.
In addition, invest in a network security solution which monitors the network and its files for threats, both incoming and outgoing, alerting an administrator if it identifies any suspicious or malicious behaviour. A web security solution will also protect your firm’s web-based assets and applications.
By taking a predict, protect and disarm approach to your cybersecurity strategy, you’ll be thinking about threats before they become attacks and using the tools available to neutralise threats before they do too much harm. Combine this with a robust user awareness and training programme and you’re really doing everything you can to get your firm in order.