Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.
The owner of a $300 million business recently contacted me and noted that someone had hacked into his email account. “But no worries, I’ll just change my password,” the person said. The problem is, they did not realize that a hacked email is just the beginning.
The timing of the attack takes on significance because it was October, Cyber Security Awareness Month. However, too many people continue to lack awareness about the threat posed by cybercriminals. It seems like many business owners think they will never be targeted — so they do not act until it is too late.
Consider the hacked email account. Having gained access, a bad actor can view emails and contacts and potentially start hacking everything that comes through that email – including bank and social media accounts. Changing the password, which was the plan of this business owner, is like closing the barn door after the horse has bolted.
To that end, and for the month of December, eMazzanti is offering 3 specific promotions to help prevent cyber hacks:
Stay Current, Stay Safe, Stay Protected.
Unfortunately, this particular owner and their company never implemented the array of cyber defenses that are available from experienced managed IT service providers. An effective cyber defense initiative should be organization-wide, ongoing, and managed 24×7 with a layered approach. For example, protecting digital endpoints – like desktops, laptops, and smartphones – with anti-virus software alone is not enough.
A well-crafted plan will include such features as multifactor authentication (MFA). With MFA, users must provide additional identity verification – like entering a code received via phone – before they are granted access to an account or an app. Other components should include a comprehensive file backup solution with cloud-based or other offsite storage, a well-developed and updated incident response plan, strong password policies, good user cyber hygiene, security awareness, and a blueprint to secure the organization’s domain name system, which identifies computers reachable through the internet or other Internet Protocol (IP) networks.
Ongoing security incident event monitoring and a 24x7x365 security operations center are also critical defense components, since even the most sophisticated threat actors may leave traces of activity indicating that an attack is either imminent or in progress.
The SIEM component is a security layer that collects and tracks information or data, creating a reliable activity log enabling organizations and their Cyber Security partners to detect and respond to threats in a faster, more efficient manner. When SIEMs were first developed, they were so expensive that only large organizations could afford them. However, technological advances have brought the price down to the point where SIEMs can be included in an affordable security package for mid-size or smaller organizations.
Then there is the SOC layer. Guaranteeing an organization’s safety includes detecting any malicious and unusual activity, which takes time, expertise, and the right technology. Properly trained security engineers can triage and analyze alerts and then provide complete Incident Response guidance and remediation — going beyond the automated discovery of cyber threats. A well-designed, scalable security operations center service will integrate real-time automated monitoring with 24x7x365 human expert analysis of critical infrastructure device logs. Using industry best practices, SOC response teams initiate threat mitigation and remediation either remotely or onsite, providing managed detection and response that proactively protects against ransomware and other threats.
To further reduce the attack surface or area of vulnerability, organizations and their Cyber Security solutions partner should proactively identify and address as many security-related issues as possible. A good starting point involves first having all devices undergo a comprehensive cyber risk assessment, and then loading them with reputable, proven endpoint security protection. Then, a policy ensuring hard-to-crack password usage, storage, and updates should be developed, implemented, updated, enforced, and periodically tested. Further, in addition to periodically backing up data and maintaining 24×7 monitoring, software patch downloads should be done on a timely basis to ensure that vendor-provided protection and enhancements are up to date.
Businesses may also wish to consider restricting access to their website with geo-blocking, which allows organizations to prohibit access from specific countries and may help to prevent nation-state hackers from accessing agency systems.
To counter automated hacking efforts, organizations may want to automate key tasks related to Cyber Security, including such basic activities as backups, email filtering, and patching updates. Additionally, companies should automate threat-detection-and-response with such tools as big data analytics and machine learning, which can help detect and contain attacks before they cause damage.
A well-designed Cyber Security program will also consider the human component: engaging employees with actionable training content that includes simulated attacks, and assignments designed to change and enhance user behavior while tracking results and progress with easy-to-digest reporting.
Well-crafted security awareness training can also reduce risky employee IT behavior that leads to security compromises. For example, one of the best defenses against bad actors involves thinking like one. Since cybercriminals search for cracks in a company’s defenses and vulnerabilities in their systems, businesses and other organizations should also do this — by conducting “penetration tests” to simulate cyberattacks and uncover weaknesses. During a penetration test, a skilled tester uses the same means a hacker would, to expose weaknesses in the system.
Organizations that pair Cyber Security best practices, hardware, and software with security awareness training find that employees will be more alert about avoiding phishing and other types of social engineering cyberattacks. When personnel follow written IT policies and best practices, adhering to applicable data privacy and compliance regulations, they will be in a better position to spot potential malware behaviors and report possible security threats.
The value of business and other organizational data is increasing, and the incidence of ransomware and other dangerous threats continues to multiply. Companies that embrace appropriate security, learning, and other resources to defend themselves will be less attractive to hackers – who, after all, want to make a quick incursion – and will reduce their chance of being victimized by digital criminals.