Every company is at risk when it comes to data security breaches. From the biggest multinational enterprise, to the smallest startup, hackers are constantly probing defenses, exploiting weaknesses, and finding new ways to profit off of sensitive data.
In recent years, hackers have evolved their attack strategies and tools to be ever more complicated and resilient. For example, the Dridex malware used to infect thousands of banking systems was barely fazed when law enforcement officials launched a campaign to sinkhole thousands of infected systems and arrested one of the key operators of the malware.
Because the malware used peer-to-peer (P2P) communications for its botnet, the network was decentralized and able to stay “live,” even with critical pieces of its original infrastructure missing. As noted in a PCWorld.com article, there was “a drop in Dridex activity but that it resumed again around the start of October” in 2015.
Countering threats such as Dridex requires knowledge, preparation, and vigilance.
With this in mind, here’s a simple, three-step program for businesses to stop security breaches of their data:
Step 1: Get to Know Your Biggest Threat Sources
Hackers will carefully refine their tactics based on their targets. The Dridex malware mentioned earlier was designed specifically to target financial institutions, and the strategies used to get the malware on the victims’ networks reflected this fact.
The most common method hackers used to introduce malware to a target was to launch massive spam email campaigns that were highly targeted. Email titles and contents were structured to look like invoices from companies local to the target company’s country, with attachments that supposedly contained invoice details, but were actually filled with malware.
Knowing how hackers will attack your company’s data is the key to stopping security breaches from happening.
So, spend time checking out reports such as the 2016 Verizon Data Breach Investigations Report to see what some of the biggest cybersecurity threats are to businesses in your industry. The more you know, the better.
Step 2: Prepare Your Defenses
Investigate your options for network security, placing an emphasis on protection measures designed to thwart the most common threats to your business’ cybersecurity.
For example, if your business is the kind of financial institution targeted by the Dridex hackers, adding email antivirus and spam filters would be a crucial step in mitigating risks. Businesses that are frequently targeted with ransomware threats should consider using remote online data backups and server replication to thwart hackers that block access to data by encrypting it.
All businesses should try to add as many layers of security as is practical for their budget and operational efficiency needs.
In addition to adding strong cybersecurity layers to the server stack and company software, your company should train employees in basic cybersecurity protocols. Many hacking strategies try to exploit employee ignorance to steal user access credentials or to sneak malware onto the company network.
By increasing employee awareness of basic security issues such as phishing attempts, safe web browsing practices, and data security when sharing information outside the organization, your company can massively reduce its data security risks.
Step 3: Exercise Constant Vigilance
The average time between when an intrusion occurs and when the victim organization detects the breach is measured in months. In this time, hackers can wreak havoc using the data they’ve stolen.
So, in addition to preparing strong perimeter and internal defenses, your business should use strong data security monitoring tools such as intrusion detection systems (IDS) with event logging to track when data is accessed, who accessed it, and where that data was sent. Being able to track the source of a breach and its extent is key for numerous security compliance standards, such as HIPAA and PCI.
Vigilance is important for detecting and thwarting some of the more sophisticated attack strategies, such as advanced persistent threats that plant malware on the network, which then slowly and continuously exports sensitive data to remote servers controlled by hackers.
For instance, millions of customer credit card numbers could have been protected during the Target hack. But, as reported by Bloomberg Businessweek, when the company’s early warning systems generated an alert, “Minneapolis didn’t react to the sirens… Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network.”
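An added example (not from the original article) of the kind of check that event logging makes possible: it groups constructed access events by who sent data and where it went, then flags pairs that send small amounts to an external address across many separate hours, the slow, continuous export pattern described above. The log fields, the internal address range, and the thresholds are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range

def sample_events():
    # Constructed events: (timestamp, user, resource, destination IP, bytes sent).
    events = []
    for hour in range(24):
        # svc_report sends a small chunk to one external address every hour.
        events.append((f"2016-05-02T{hour:02d}:07:00", "svc_report", "cards_db", "203.0.113.50", 40_000))
    # alice makes a single large upload to an external partner.
    events.append(("2016-05-02T10:15:00", "alice", "q1_report", "198.51.100.7", 5_000_000))
    for hour in range(8, 18):
        # bob reads data during the workday but only sends it to an internal host.
        events.append((f"2016-05-02T{hour:02d}:30:00", "bob", "cards_db", "10.0.4.12", 60_000))
    return events

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def find_slow_exfiltration(events, min_active_hours=12, max_avg_bytes=100_000):
    """Flag (user, destination) pairs that send small amounts in many distinct hours."""
    stats = defaultdict(lambda: {"hours": set(), "bytes": 0, "count": 0, "resources": set()})
    for ts, user, resource, dest, sent in events:
        if not is_external(dest):
            continue  # only data leaving the network is of interest here
        s = stats[(user, dest)]
        s["hours"].add(datetime.fromisoformat(ts).strftime("%Y-%m-%d %H"))
        s["bytes"] += sent
        s["count"] += 1
        s["resources"].add(resource)
    findings = []
    for (user, dest), s in sorted(stats.items()):
        avg = s["bytes"] / s["count"]
        if len(s["hours"]) >= min_active_hours and avg <= max_avg_bytes:
            findings.append({
                "user": user, "destination": dest,
                "active_hours": len(s["hours"]), "total_bytes": s["bytes"],
                "resources": sorted(s["resources"]),
            })
    return findings

if __name__ == "__main__":
    for finding in find_slow_exfiltration(sample_events()):
        print(finding)
```

A single large upload and steady internal traffic both pass this check; only the hourly trickle to one external address is reported, along with the account, destination, and data involved.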
Even with a powerful, cutting-edge security solution, a lack of vigilance can give hackers the window of opportunity they need to access and exploit your company’s data. However, maintaining the level of vigilance needed to spot such attacks in time to thwart them is difficult for many IT departments.
Few businesses have the spare staffing budget to add a dedicated IT security team to their payroll that is robust enough to monitor network traffic at all hours of the day and provide comprehensive threat protection.
So, many businesses try to place responsibility for these tasks on their existing IT personnel, who are already tasked with countless maintenance and IT support duties as is. The result is an overloaded IT staff that operates at reduced efficiency, creating security holes while distracting IT from the activities that will drive the business’ success.
Here, using a cloud service provider can be enormously beneficial. First, the cloud provider will have their own suite of data security technologies that can be applied to your infrastructure, technologies that are designed to work together and minimize the risk of crashes when new updates are applied.
Second, cloud providers can offer a full-time staff of dedicated security professionals who work to spot new threats across all of that provider’s customers. When a new threat strikes, the cloud provider’s team can collect data on that threat and apply new protections to all of their cloud environments at once, thwarting future attacks from that same threat.
Finally, using a cloud provider for threat protection helps reduce the workload that maintaining security measures places on your IT department. This lets your team focus more time on building results and less time on managing security updates.