“A few lines of code can take down an entire enterprise, and cyber-attacks are growing in sophistication,” says Salvador Padilla, Director of Information Security at DATAMARK. As a former ISSO with the U.S. Navy, Padilla shares his best practices for preventing and recovering from a cyber-attack.
Learn the best methods to recover from a cyber security attack and train executives and employees to protect company data.
2021 set infamous records for cyber-attack costs: according to Cybersecurity Ventures, the damage from cyber-crime exceeded $6 trillion, a 50% increase from just six years earlier, in 2015, and a grave issue for every cybersecurity team. With a cyber-attack occurring every 11 seconds, compared with every 40 seconds in 2016, the number of threats SOC teams have to face is increasing 4-fold.
Additionally, ransomware attacks accounted for nearly $20 billion in damage in 2021, a whopping 57 times the cost of ransomware attacks in 2015 ($325 million).
Most cyber-attacks have financial motivation, and ransomware remains a significant threat. However, ransomware isn’t the only type of attack companies should worry about since data corruption can stem from different attacks, including insiders and wiper-ware.
It’s only a matter of time before your organization experiences an attack, so it’s imperative to take precautions sooner rather than later.
Many cyber-attacks happen because users allow hackers to gain access. Educating them on the risks and how to spot an attempt is essential.
Employees can unknowingly fall prey to a phishing attack with just one click, and phishing is a common method of gaining access to a contact center. That one tiny click can shake your business’ foundation to the core. After all, the average cost of a single data breach in the U.S. in 2019 was $3.92 million. According to a report by Verizon, phishing attacks were responsible for 32% of those breaches.
It’s up to your company to educate your employees on how to identify malicious emails by implementing the following:
Security-savvy employees are your primary defense against phishing attacks. Creating mandatory company-wide security training goes a long way in protecting your company’s data. Implement this training into your onboarding procedure with regularly scheduled refresher courses.
Remember that security education can be exciting as well as formal. Your program will be more effective if you find ways to engage your employees. If they perceive the exercise as a mandatory session they need to “get through,” your lessons will fall on deaf ears.
Training should cover best practices, but you shouldn’t stop there. Ensure that your employees know what to do if they notice something suspicious and the steps to take to alert management of the issue.
The most critical element of protecting employees from phishing attacks is teaching them how to identify phishing emails quickly. Because hackers use authentic company logos and add small details to make their emails seem legitimate, red flags can be difficult to spot.
Add a quiz to your training to test your employees’ skills. Show example emails and ask them to identify whether each email is authentic. This quiz is an excellent opportunity to add an engaging element to your security education. For example, make a game of it and recognize employees who answer correctly or participate enthusiastically.
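As an added example (not code from the original article or from DATAMARK), the following Python script turns the "small details" mentioned above into concrete checks. It parses two constructed sample emails, one genuine and one phishing, and reports the red flags a quiz would ask employees to spot: a display name that claims the company while the sender's domain does not match, a lookalike domain (examp1e.com for example.com), a Reply-To that goes elsewhere, link text that shows one address while the link points to another, and pressure language. The corporate domain example.com, the brand words, and both messages are assumptions made for the example.

```python
# Added example (not from the original article): a red-flag checker for
# phishing-awareness quizzes. The corporate domain, brand words and both
# sample emails below are constructed assumptions.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CORPORATE_DOMAIN = "example.com"                      # assumed real company domain
BRAND_WORDS = {"example", "helpdesk", "it support", "payroll"}
URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|suspended|verify your account)\b", re.I)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, target: str = CORPORATE_DOMAIN) -> bool:
    """True for near-misses of the real domain: digit-for-letter swaps
    (examp1e.com), rn-for-m confusion (exarnple.com) or a one-character typo.
    The real domain itself is never flagged."""
    if domain == target:
        return False
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m")
    return normalised == target or _levenshtein(domain, target) <= 1


def check_email(raw: str) -> list[str]:
    """Return the human-readable red flags found in one RFC 822 message."""
    msg = message_from_string(raw)
    flags = []

    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    if any(w in name.lower() for w in BRAND_WORDS) and from_dom != CORPORATE_DOMAIN:
        flags.append(f"display name '{name}' claims the company but sender domain is {from_dom}")
    if is_lookalike(from_dom):
        flags.append(f"sender domain {from_dom} is a lookalike of {CORPORATE_DOMAIN}")

    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        flags.append(f"Reply-To goes to {_domain(reply)}, not the sender's domain")

    # Collect text/plain and text/html parts (a single-part message yields itself).
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_payload(decode=True).decode(errors="replace")

    # Compare what a link shows with where it actually goes.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        shown = urlparse(text.strip()).hostname if text.strip().startswith("http") else None
        if shown and shown != host:
            flags.append(f"link text shows {shown} but points to {host}")
        if host and host != CORPORATE_DOMAIN and not host.endswith("." + CORPORATE_DOMAIN):
            flags.append(f"link points to external host {host}")

    if URGENCY.search(body):
        flags.append("urgent or threatening language pressing for immediate action")
    return flags


# Constructed sample messages (not real mail).
LEGIT = """From: Example IT Support <helpdesk@example.com>
To: jane@example.com
Subject: Scheduled maintenance Saturday
Content-Type: text/html

<p>The VPN will be offline 02:00-04:00 on Saturday. Details on
<a href="https://intranet.example.com/maint">the intranet</a>.</p>
"""

PHISH = """From: Example IT Support <helpdesk@examp1e.com>
Reply-To: support@mail-verify.net
To: jane@example.com
Subject: Urgent: verify your account
Content-Type: text/html

<p>Your mailbox will be suspended within 24 hours. Verify immediately at
<a href="https://login.mail-verify.net/x">https://intranet.example.com/login</a></p>
"""

if __name__ == "__main__":
    for label, sample in (("legitimate", LEGIT), ("phishing", PHISH)):
        print(f"{label}: {check_email(sample) or ['no red flags']}")
```

Each flag maps to one thing a trained employee should check by hand: hover over the link, read the actual sender address rather than the display name, and treat pressure to act immediately as a signal in itself. The checker is deliberately simple; it is a teaching aid for the quiz, not a mail filter.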
To help employees understand what you’re up against, show real-world instances of data breaches: examples of companies that suffered a breach because of a phishing email, and the consequences they faced. Your employees will learn the most powerful lessons through raw data: dollars lost, people affected, damage to the company, and other tangible facts.
It isn’t that your employees don’t care about the company’s security; however, without seeing what could happen, they may feel as though this training is more of a formality than a necessity.
Mistakes happen. Even with excellent security training, an employee could accidentally fall for a phishing email. You’ll want robust antivirus software installed on your devices if that happens.
Remember that antivirus isn’t a set-it-and-forget-it solution. Always ensure that your software is updated and running at its best. Your IT department or service provider should keep an eye on the antivirus on all your company’s devices; however, consider that if some employees use their own devices, your IT team will need to ensure those are protected too.
A gap in many security programs often occurs with higher-level management. Though those teams arrange for security training to happen, they are often left out of the training. Do not assume that they don’t need it or that they have more pressing issues to focus on.
Executives without security training are extreme liabilities to any company. Because they have the highest level of access to confidential data, hackers will target higher-level employees. This is specifically known as a whaling attack. Everyone in the company should be included in security training from the very top to the bottom.
As phishing attacks become increasingly sophisticated, your employees must know what they’re up against. By understanding the possible effects of a breach, employees will feel ownership over protecting the company’s data from being exploited.
Endpoint protection secures the paths by which remote devices connect to your network. Mobile devices, tablets, and laptops connected to corporate networks give attackers access paths into those networks, and these paths need protection from dedicated endpoint protection software.
There are various types of sophisticated data breaches; new ones surface every day, and old ones make comebacks. Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber-attack. A firewall system will block brute-force attacks on your network and services before they can do any damage.
Make sure you back up your data before a disaster occurs. Otherwise, a disaster can bring serious downtime, loss of data, and severe financial loss.
Who doesn’t have a Wi-Fi-enabled device in 2022? Any device can get infected by connecting to a network. If this infected device then connects to your business network, your entire system is at serious risk.
Securing your Wi-Fi networks is one of the easiest things you can do to protect your systems.
Every employee needs their own login for every application and program. Several users connecting under the same credentials can put your business at severe risk. Having separate logins for each staff member will help you reduce the number of attack fronts and offer improved usability.
One of the risks an organization faces is employees installing software on business-owned devices that could compromise systems. Manage admin rights so that your staff are blocked from installing software or accessing specific data on your network.
Many business leaders believe that the risk of a data breach is higher when employees work remotely, but the basics still apply. The recent lockdowns forced many to work from home, catching many companies by surprise and creating a feeding frenzy for hackers to exploit vulnerabilities.
Employees are not always able to recognize scams. Phishing scams, spoofing attacks, fake alerts, and the like can be so deceptive that even the most prominent names fall for them. COVID-19 has only added fuel to this fire: on average, during the first half of 2020, four out of 10 Coronavirus-themed emails were tagged as spam, with fraudsters impersonating government, health, and financial institutions.
To prevent your remote employees from unwittingly falling into a cybersecurity trap, it’s imperative to implement the following:
The recent rise in ransomware attacks and business-halting data breaches has made it clear that your organization must prioritize cybersecurity performance. But ad hoc security controls and defensive measures are not the answer. Instead, you need a strategic, risk-based approach with a cybersecurity roadmap as your guide.
One of the reasons why threat actors are so successful is that they can exploit risk hidden in complex and expanding digital ecosystems. Because of this, the first step to creating a cyber security roadmap is to identify risk throughout your organization’s digital portfolio.
Start off by continuously scanning your organization’s attack surface to gain a complete view of the vulnerable points. You can run a scan at any time to quickly visualize the location of your digital assets – including cloud instances and shadow IT – and the corresponding cyber-attack risk associated with each.
Next, you need to understand what security performance targets you should aim for and where you fall short. A helpful approach is to benchmark your security program against other organizations of similar size in your industry. This will allow you to make more informed decisions about where to focus your cyber security efforts.
You can also share your benchmark assessment with executives and board members, so they understand how your program aligns with industry standards. From here, they can develop improvement plans and allocate resources where they’ll have the most significant impact.
Third parties are an essential part of your business ecosystem, but they also introduce cyber risks of their own. Supply chain attacks are becoming increasingly common, and mitigating these risks must be factored into your cybersecurity roadmap.
As discussed above, even if you resolve every vulnerability and secure every asset in your digital ecosystem, if a single employee clicks on a link in a phishing email or connects to the corporate network from a public Wi-Fi connection, your organization is at risk. To mitigate this risk:
Topics include proper password management, Wi-Fi safety, and the importance of patching.
At DATAMARK, we approach your Cybersecurity Roadmap as a strategic guide that can help you gain a clear, data-driven understanding of risk. With these valuable insights, you can better align your security program with business goals, prioritize security investments, measure success, and continually improve.
This blog was originally published in Future of Sourcing.
Salvador Padilla – Director of Information Security
Salvador (Sal) Padilla has served as DATAMARK Director of Information Security since September 2021 and is responsible for the Information Security Management function of the organization, including the development, documentation, implementation, operation, and maintenance of the information security program. He leads ongoing activities to preserve the availability, integrity, compliance, and confidentiality of the organization’s information resources and assets in compliance with applicable security policies and standards.
Before joining DATAMARK, Salvador served as an Information Systems Security Manager for the United States Navy. He developed, maintained, and oversaw the system security program and policies for crucial Department of Defense accredited systems. He ensured compliance with cyber security policies, concepts, and measures when designing, procuring, adopting, and developing new systems. He also maintained a working knowledge of system functions, security policies, technical safeguards, and operational security measures. His earlier experience in the United States Navy included serving as an Information Systems Security Officer, where he managed and executed all aspects of the Information System accreditation process in compliance with program-specific guidelines and standards for multiple Classified and Unclassified Networking Systems. He also supervised and conducted regular audits to ensure that systems were being operated securely, and that information systems security policies and procedures were being implemented as defined in security plans. Salvador holds a Bachelor of Science in Business Management, as well as a Master of Science in Information Technology Management. Salvador is also an ISACA Certified Information Security Manager, a CompTIA Advanced Security Practitioner, and a certified Project Management Professional (PMP) from the Project Management Institute.