Just think what would happen if a ransomware attack hit your business and locked all your end-users out of their computer systems. What would the impact be on your business if your customers found out? How much revenue would you lose?
Ransomware and other forms of cybercrimes affect many businesses. Studies indicate attackers are non-discriminatory. They go after all size businesses across all industry verticals, hoping to make money by locking up their digital assets.
Small businesses are ideal targets because cybercriminals realize they often don’t have the resources to implement a strong security posture. According to an Experian study, 20% of small businesses fall victim to cyberattacks, and of those, 60% go out of business in six months. From phishing scams to data breaches, the average attack costs a business $9K.
To help you take on this challenge, we recently interviewed Brian Freedman of QOMPLX Cyber Security Solutions for a PulseOne Tech Talk. Brian is a Certified Information Systems Security Specialist, and he has a master’s degree in cyber security.
To defend digital assets against cyberattacks, there are many tactics, and the plan can often get complicated. To take on the challenge, Freedman says it’s usually best to work with an IT security resource local to your area who has the necessary expertise and understands the challenges of SMBs.
This approach is less costly than trying to hire someone internally. You’re also more likely to form a long-term relationship with a consultant whereas IT hires tend to look for higher-paying jobs.
“A local partner can advise you on which security technologies you need today and which ones you need tomorrow,” says Freedman. “This is important because technology vendors come and go, and you want to make sure you always maintain a strong security posture.”
Freedman adds that one of the first key steps is to work with a partner to identify everything you have in your IT infrastructure—servers, routers, switches, end-user devices, applications, and databases. It’s also critical to continuously test your security posture with penetration testing or external scanning services.
“These services help you make sure you’re monitoring your infrastructure and assessing how good of a job you’re doing,” says Freedman. “See if your company is doing the right things, not just technology, but also policies, procedures and documentation.”
Another paradigm Freedman recommends is the implementation of a zero trust architecture. It’s built on the premise to not trust any activity that occurs on your network and to validate every transaction, such as log-in attempts and file access. Is a user trying to log in valid, and are they logging in from a valid location? Is the user trying to access a file that might be embedded with malware?
For example, if Joe works in the New York office, and there’s an attempt by his user account to log in from Los Angeles, there’s a chance it’s someone other than Joe trying to log in. Or if Joe is logging in from New York, perhaps he’s trying to download a file from web server that is on a blacklist.
“There’s a lot of components to zero trust, but the core of it distills down to always checking and verifying where something’s coming from before you execute on it,” says Freedman. “Basically…trust no one!”
Freedman points out that spear phishing is another attack vector that hackers like to use to gain access to a company. This is where a threat actor targets specific individuals within an organization, impersonating a person who belongs to the organization to gain access to digital assets.
“From there, they can bypass common security controls like multi-factor authentication or tokens on a key fob,” says Freedman. “Once they’re on another user’s laptop and using their identity, they can pivot across the network to access secure data such as intellectual property and customer records.”
To illustrate how bad actors can breach a company’s digital assets, Freedman tells the story about Wile E. Coyote, the nemesis of the Road Runner:
A hacker wants to exploit Acme Corporation through Wile E. Coyote, a frequent buyer of Acme products and part of their loyalty program. It’s important for Acme to evaluate the applications Wile uses and segment the networks that Wile accesses so that cyberattacks cannot spread. If a hacker compromises the loyalty program through Wile, and that customer network it not properly segmented from the rest of the organization, the attacker could pivot from the loyalty program and gain access into a core database in the main infrastructure.
“For cases like this, it’s good to have technology reviews, application software testing, secure code development, and a secure development life cycle,” says Freedman. “These are all recommended best practices to employ.”
For more information, be sure to check out the complete PulseOne Tech Talk with Brian. And if you have questions about IT security, feel free to contact us. We help businesses solve security challenges and work with specialists like QOMPLX to maximize your security posture and minimize your threats.