A lot of people are willing to give you tips on cybersecurity, ourselves included. However, a lot of people do not focus on response and readiness, and we have to wonder why that is the case. Although prevention is better than treatment, prevention is not always possible. Thus, you have to have a plan in place for those incidents in which your precautions fail. Let’s discuss why all businesses need to have a cyber readiness plan and give you some advice on what that plan should include.
Cyber Threats Are Not Always Predictable
The idea of stopping a cyberattack before it starts is very appealing. This is definitely the easiest situation for a company to deal with, but it isn’t very realistic. Readiness plans, no matter how thorough they may be, can only deal with known threats. The unknown threats are the ones that you really have to worry about, and that’s why there is always a chance of getting hacked.
So, when that happens, do you want to be caught with your pants down? Of course not. Instead, you want to be proactive and activate a well-organized response plan. You can’t really come up with such a plan on the fly, and you wouldn’t be able to implement things that quickly anyway. In the end, precautions are the only solution.
How Big Is the Problem?
When it comes to reasons why you need a cybersecurity response plan, we need only look at the huge number of hacking and data breach incidents that occur every year. Some estimates, like this one, are as high as 800 million per year. In fact, 812 million is just the number for “malware incidents.” Most cyberattacks do involve malware, but we can still presume the overall numbers to be even higher.
A few other alarming statistics from this same source:
- 92% of malware is delivered by email
- Ransomware attacks went up by 350% in 2018 alone
- About 25% of all businesses have been victims of cryptojacking
- Identity theft accounts for about 65% of all data breaches
- Social media and governments are the most frequent targets of data theft
With all these facts taken together, it is obvious that every company needs a cyber response plan.
Crafting A Good Response Plan
To get you started here, we might recommend that you read this handy guide from the FCC. They recommend that you begin by taking a data inventory. That means that you take stock of all the data that your organization holds, classifying it by its level of sensitivity. The government does this as well, using various levels of security clearances to categorize and compartmentalize the most important information.
You should make sure that your inventory allows you to answer the following questions:
- What kinds of data do you store?
- How is that data handled?
- How is that data protected?
- Who can access that data and how?
Layering And Compartmentalization
Once you have done your assessment, it is time to take some definite actions. You will need to create various layers of security in much the same way that the U.S. government does. These layers are separated by password protection, but that doesn’t mean much without some kind of encryption. The use of multiple encrypted layers has proven to be the most effective network security model, as we can see when we look at the known effectiveness of the Tor Browser.
The advantage of compartmentalization is two-fold. First, a cyber attacker has to break through many layers of defenses, minimizing the amount of access that they can get. It takes time and effort to get through even one good layer of encryption, so multiple levels place many obstacles in their path. Second, it allows you to separate network users into different levels of trust and access.
The Importance Of Data Backup
When it comes to a data response plan, we cannot stress enough the importance of a reliable data backup scheme. This is, at present, the only reliable way to counter a ransomware attack. As we have already seen from the statistics we checked earlier, ransomware is one of the fastest-growing cyber threats and should not be overlooked.
Of course, there have been cases in which ransomware was able to corrupt the system backups. In fact, some of this software is programmed to seek out and destroy those backups automatically. Data backups are usually saved as system image files, as this is the most space-efficient way to store them. We would recommend that you keep at least one of these recent images on a computer that isn’t capable of internet access. Then, to prevent the danger of physical-access hacking, that machine needs to be in a locked and well-secured room. Guard it like gold because it can literally save you millions.
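One way to check that stored backup images have not been corrupted or deleted, as described above, is to record a SHA-256 manifest when the backup is taken, keep that manifest with the offline copy, and compare against it later. This is an added example, not part of the original article; the function names and sample file names are hypothetical.

```python
import hashlib
import json
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte images do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir):
    """Map relative file name -> SHA-256 for every file; store the result offline."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backups(backup_dir, manifest):
    """Compare the current backup directory with the trusted offline manifest."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def is_restorable(report):
    """Trust the backup set only if no listed image is missing or altered."""
    return not report["missing"] and not report["modified"]


if __name__ == "__main__":
    import tempfile
    # Constructed sample data: two tiny stand-ins for system image files.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "server-a.img").write_bytes(b"image A")
        (d / "server-b.img").write_bytes(b"image B")
        manifest = build_manifest(d)                    # taken right after the backup
        (d / "server-a.img").write_bytes(b"\x00overwritten\x00")  # contents changed
        (d / "server-b.img").unlink()                   # image deleted
        (d / "note.txt").write_text("unlisted file")    # file not in the manifest
        report = verify_backups(d, manifest)
        print(json.dumps(report, indent=2), is_restorable(report))
```

Running the check on a schedule, with the manifest read from the offline machine rather than from the backup share itself, turns silent backup corruption into an alert before a restore is needed.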
Consider Investing In Some On-Call Experts
Every company has IT people who are tasked with keeping the network running smoothly. However, disaster response might be a little bit outside their knowledge base. In some cases, the negligence of your IT people might be the cause of the breach, so you definitely don’t want to put the response plan in their hands. That’s why it can be helpful to keep a few outside experts on staff. They may only be useful in certain instances, but they can also save you untold amounts in terms of both money and reputation.
Conclusion
As we said from the outset, it is not always possible to predict a cyber threat. This is especially true when it comes to new or novel malware, as you can’t reasonably expect someone to guard against the unknown. For that reason, we would also advise you to avoid firing too many IT people in the event of a breach. Instead, it is better to focus on fixing the problems and returning your business to normal operations. If you have enjoyed this article and would like to learn more, you can call PCH Technologies at (856) 754-7500.