It has been a rough first half of 2018 for cybersecurity professionals. Two of the higher-profile cyberattacks are still in the news and still racking up costs. The City of Atlanta was devastated after a SamSam ransomware attack knocked nearly all digital services out of commission. Closer to home, the Colorado Department of Transportation (CDOT) was hit by SamSam ransomware in late February, then was attacked again in early March as the same ransomware morphed into a new variant.
Unfortunately, the risks posed by phishing, spear-phishing, and ransomware will not be abating any time soon. And while the number of ransomware attacks has decreased slightly, the sophistication and number of variants of malware are increasing. These highly sophisticated attacks can also be harder to defend against than earlier versions. For example, CDOT had about 20% of its computers back online when it was hit by the morphed version of SamSam, which caused new damage. The cost of recovering from the attack has grown to $1.5 million.
While it may seem there is no way to defend against the volume and sophistication of cybersecurity attacks, there is a structured approach to cybersecurity that can reduce your risk. This approach, however, takes more commitment than buying a hardware device or software application. The most effective defense requires multiple layers and engagement across the organization:
Threats evolve rapidly. Your staff needs to know what the latest attacks look like and how to respond. Cybersecurity training must be updated and delivered often.
Formal Processes and Procedures
When your accountant receives an email from the CFO requesting copies of staff W-2s, what should they do? When a new employee starts, what company data can they access from their smartphone? Questions like these are best answered by referring to a standard set of policies and procedures developed from a cybersecurity point of view. Ad-hoc responses lead to vulnerabilities.
No employee should have access to files or servers they do not regularly use. Limiting access helps prevent the spread of an attack. Audit users, credentials, and IT resources regularly to ensure no single point of attack can spread to the entire organization. Implement a change management process for giving access to critical information or locations in your environment.
Advanced Threat Detection
Advanced threat detection addresses the issue of rapidly evolving malware. Advanced threat detection isolates the malware so it cannot infect other computers while allowing it to execute according to its programming. The advanced threat detection tools observe the malware behavior and update threat definitions, so systems can recognize and protect against every variation in the malware lifecycle.
Your firewall is your network's first line of cybersecurity defense. A firewall is a network device that inspects all incoming and outgoing internet traffic, restricting malicious traffic based on a set of rules that are typically updated regularly by the firewall vendor. A firewall is not optional.
Anti-virus, Anti-malware, and Anti-spam
Anti-virus, anti-spam, and anti-malware software is your computers' first line of defense against internet threats. This software looks at internet traffic and files and blocks malicious files, traffic, and email based on a set of rules that is regularly updated by the software vendor. Like a firewall for your network, this cybersecurity software is not optional.
Increasingly sophisticated attacks require a more sophisticated threat response. A multi-layered cybersecurity approach that engages all employees across the organization is the key to getting, and staying, ahead of the attackers. If you do not have a comprehensive cybersecurity plan in place, call us at 720.757.0779. We can perform an audit to help you understand where your risks are.