We all know cyber attacks are a major threat today.
Do you know that your small- or medium-size business is a primary target for attackers, and why? Because it is a billion-dollar market with weak security controls and, in most cases, no effective incident response plan. Criminals always look for the easiest path.
As larger companies improve their defenses, small- and medium-size businesses have become low-hanging fruit for cyber criminals. For business owners, this is one of the biggest threats we face today. A breach should be viewed as a matter of not if, but when.
- 85% of organizations under 1,000 employees have been hacked.
- Every 40 seconds an organization becomes the victim of cybercrime.
- Human error, like clicking on a phishing email, is a primary threat.
- 75% of IT managers have reported they could not fully recover from their backups.
- It takes the average company six months to detect a breach.
- Businesses lose an average of 31% of their customers after a data breach.
The right firewall, tools and security protections are very important, but they cannot prevent every breach. Even the Department of Defense admits it cannot keep every intruder out.
How well are you prepared? Is anyone actively monitoring your environment? Do you have an incident response plan to detect, respond and remediate quickly?
From our experience, most businesses are not prepared, and that is a scary place to be. Here is the outline of an effective strategy:
Preparation: Prepare for the event before it happens. Have a reputable third-party firm assess your organization to spot weaknesses. Then build incident response policies, train for the event, set clear guidelines for internal and external communications (who is notified, who speaks for the company, and how you reach people if company email itself is compromised), and have a rapid response team ready to help your IT team as soon as an incident is discovered.
Identification: There are multiple ways to identify a potential incident. Clear communication, trained personnel, and the right tools and processes in place ahead of time (centralized logging, endpoint monitoring) will have a major positive impact on the speed and effectiveness of this step. You also need to collect and preserve evidence as you go (logs, memory, disk images, timestamps) so a thorough investigation and accurate analysis can take place; hash every artifact at collection time and record who collected it and when, so nobody can later question whether it was altered.
Containment: This step often happens in tandem with identification, or as soon as possible after the compromise is confirmed. It means isolating affected servers and devices from the network and locking down compromised accounts: disabling them, resetting their credentials, and revoking active sessions and tokens. This limits further damage and data leakage. Where you can, isolate rather than power off; shutting a machine down destroys volatile evidence such as memory.
Eradication: This step should be done by properly trained experts, and only after the investigation has determined how access was gained and the extent of the damage. Analyzing the malware, tools and artifacts the attackers left behind shows what they touched and how they maintained access, so that every foothold is removed rather than just the obvious one. We often find organizations wipe systems and restore from backups before an adequate review, which destroys the evidence and, if the backup already contains the attacker's foothold, invites a repeat occurrence.
Recovery: Test the fixes from the eradication phase and transition back to "normal" operations. Remediate the vulnerabilities that were exploited, reset or replace every credential the attacker could have reached (passwords, API keys, service accounts, certificates), and add the tools or processes needed to prevent a repeat occurrence. Restore from a backup taken before the initial compromise, not just before its discovery. Test accounts and functionality so the regular flow of business resumes as quickly as possible, and monitor closely for signs that the attacker is coming back.
Lessons Learned: Review each phase of the response to improve your incident response capability and security posture. Common root causes are human error, unpatched security holes, or a flaw in a security product. This phase gives the organization the opportunity to assess what went wrong and use the incident as a stepping stone toward continual improvement of its security.
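The evidence-preservation point in the Identification step, and the Eradication warning about wiping systems before the review is done, both come down to one discipline: know exactly what you collected and be able to prove it has not changed since. The following is an added example written for this article, not code from Allegiant Technology or any product it mentions. It hashes each collected artifact, records a chain-of-custody manifest, seals that manifest with an HMAC so that edits to the manifest itself are detectable, and re-verifies the artifacts later. The case ID, collector name, HMAC key and the two sample files are constructed for the demonstration; a real key would be generated and kept with the incident lead, outside the compromised environment.

```python
# Added example: chain-of-custody manifest for collected incident evidence.
# Sample files, case ID, collector and key below are constructed for the demo.
import hashlib
import hmac
import json
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file in 1 MiB chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(case_id: str, collector: str, artifacts) -> dict:
    """Record who collected which files, when, and the hash each had at that moment."""
    entries = []
    for p in artifacts:
        p = Path(p)
        st = p.stat()
        entries.append({"path": str(p), "size": st.st_size,
                        "mtime": int(st.st_mtime), "sha256": sha256_file(p)})
    return {"case_id": case_id, "collector": collector,
            "collected_at": int(time.time()), "artifacts": entries}


def _canonical(manifest: dict) -> bytes:
    # Sorted keys and no whitespace, so the same manifest always yields the same bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal_manifest(manifest: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 over the canonical manifest; the key stays with the IR lead."""
    return {"manifest": manifest,
            "hmac": hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()}


def verify_seal(sealed: dict, key: bytes) -> bool:
    """True only if the manifest bytes still match the seal (constant-time compare)."""
    expected = hmac.new(key, _canonical(sealed["manifest"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["hmac"])


def verify_artifacts(manifest: dict) -> list:
    """Return the paths whose current hash no longer matches, or which have gone missing."""
    bad = []
    for e in manifest["artifacts"]:
        p = Path(e["path"])
        if not p.exists() or sha256_file(p) != e["sha256"]:
            bad.append(e["path"])
    return bad


def demo() -> dict:
    """Constructed scenario: two collected artifacts, one of them 'cleaned up' mid-review."""
    key = b"demo-key-kept-offline"  # assumption: real key generated and stored out of band
    work = Path(tempfile.mkdtemp(prefix="ir-evidence-"))
    auth_log = work / "auth.log"
    ps_dump = work / "processes.txt"
    # Constructed sample evidence (203.0.113.0/24 is a documentation range).
    auth_log.write_text("Mar 03 02:14:07 web01 sshd[4120]: Accepted password for admin from 203.0.113.7\n")
    ps_dump.write_text("PID 4120 sshd\nPID 4133 /tmp/.x/update\n")

    manifest = build_manifest("CASE-0001", "on-call analyst", [auth_log, ps_dump])
    sealed = seal_manifest(manifest, key)
    clean = verify_artifacts(manifest)        # nothing changed yet

    # A well-meaning admin deletes the suspicious process entry before the review is done.
    ps_dump.write_text("PID 4120 sshd\n")
    after_edit = verify_artifacts(manifest)   # the altered file is reported

    # Rewriting the stored hash to hide the edit breaks the seal instead.
    forged = json.loads(json.dumps(sealed))
    forged["manifest"]["artifacts"][1]["sha256"] = sha256_file(ps_dump)

    return {"clean": clean, "after_edit": after_edit, "altered_path": str(ps_dump),
            "seal_ok": verify_seal(sealed, key), "forged_seal_ok": verify_seal(forged, key)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it as-is and the output shows an empty list right after collection, the process listing flagged once it is edited, the original seal still valid, and the forged manifest rejected. The important habit is the order of operations: hash and seal first, then investigate, and only then eradicate and restore; anything wiped before its hash is on record is evidence you can never get back.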
This can seem daunting in our ever-changing threat landscape. Even the best IT teams struggle to keep up and respond effectively to a breach or ransomware event when it happens.
Security is a specialization much like the medical field: you have general practitioners, and then you have neurosurgeons. That is why we partner with some of the best security experts and firms in the industry to help our clients manage this risk and ensure they have the right people, tools and strategies in place so they can have peace of mind.
If you have read this and realize you don’t have a comprehensive strategy in place, we can help. We offer free security assessments to provide you with a high-level analysis of where you stand and your current vulnerabilities. We assist with everything from complete assessment services (vulnerability, penetration, and attack surface monitoring), advanced endpoint protection, and 24/7/365 advanced active threat monitoring. We can also help you implement an incident response plan tailored for your unique needs and budget.
The hackers are coming, but you can be prepared! We look forward to helping you do that.
Bryan Dancer is the president of Allegiant Technology, an integrated IT, communications, cloud, and cabling company. Bryan and his team of support staff help business owners simplify, plan and operate technology in integrated and economical fashion, tailored to their unique requirements.