Before we dive into cybersecurity protections, let’s talk about the Titanic for a moment (bear with us). Built in 1909, the British passenger liner was a modern marvel: complete with four-cylinder, triple-expansion steam engines, 16 water-tight compartments, a rudder weighing in at 100 tons, and even ceilings made of granulated cork (to combat condensation). But for all its bells and whistles, the Titanic had a major shortcoming: it did not carry enough lifeboats to ferry all of its occupants to safety.
In short, it was unthinkable at the time for a ship of the Titanic’s ingenuity to sink.
Just like no ship is impervious to the perils of sea, no business is immune to the rising number of cyberattacks nationwide. In fact, because hacker motives are largely financial (about 83% of all breaches in 2019 were for financial gain), small and medium-sized businesses are becoming a growing target.
28% of the breaches in 2019 involved small business victims
Verizon DBIR
Phishing is the top threat action
Verizon DBIR
$7.68 million is the average cost for small businesses
IBM and the Ponemon Institute
That said, there are a few things small and medium-sized business owners can do to decrease the risk of a breach (and make sure you have enough life boats for your company).
We’ll take a look at the benefits of the following:
1. Having a firewall in place
2. Installing a password management system
3. Vulnerability management
4. Training awareness for your employees
Let’s get started with an important question.
Is a proactive approach to cybersecurity worth it?
One in five SMBs don’t use any endpoint security protections, and 60% of SMBs believe they are not likely targets of cyberattacks.
BullGuard
The short answer is: yes. There is no risk if there is no vulnerability; however, every endpoint, every phone, computer, server, and human operating these systems is vulnerable.
According to a 2020 Accenture report on the state of Cybersecurity, organizations with cyber resilient measures in place are:
- 4x more likely to stop targeted cyberattacks
- 4x more likely to detect cyber breaches
- 3x more likely to remediate faster
- 2x more likely to reduce the impact of a breach
No matter how many preventative measures are in place, it’s important to realize that the risk of a cyberattack still exists, that a compromise will still happen, and having a plan in place is imperative.
And while not every company has the ability or resources to hire an MSSP (Managed Security Service Provider) or a vCISO (Virtual Chief Information Security Officer), or to perform a risk assessment of its own environment, there are a few basic hygiene measures that we recommend implementing in every network and workplace.
1. Firewall
A firewall functions kind of like those water-tight compartments on the Titanic. It’s a security system that filters traffic coming into your network from the Internet, Cloud, and Dark Web. Essentially it acts as a first-line-of-defense barrier between a trusted network and an untrusted network. The term comes from the concept of physical walls preventing the spread of fire until emergency services can arrive and extinguish it.
When set up correctly, firewalls inspect “packets” of data that come and go, and then determine whether those packets match known threats or malicious patterns (such as malware, Denial of Service (DoS) attacks, spam, etc.).
Properly installed firewalls block hundreds of malicious threats every day, and we believe they are a critical component of all cyberattack preventative measures. Cost, the number of computers in your network, VPN access, and whether you need a software, hardware, or cloud firewall are all things to consider when making your decision.
Before you have a firewall in place, make sure to back up all of your files to a computer or hard drive that is not connected to any network—this prevents the spread of malware and viruses to vital system files.
2. Password Manager
Every single externally-exposed login application should have multi-factor authentication and a strong password program. Whether it’s a website, a blog, an inbox, or a social media app: these are all open back doors to your business.
According to a Keeper and Ponemon Institute report, 70% of SMBs reported that their employees’ passwords were stolen or lost in 2019. 54% have no visibility into employee password practices, and 63% of SMBs experienced a breach caused by a negligent employee or contractor.
Password managers like LastPass, 1Password, or iCloud Keychain are examples of apps that remember things for you, so you don’t have to. There are many options available for every budget. A password manager creates strong, unique passwords for every service you use and keeps all of them encrypted behind one “master” password, so you only have to remember one.
While maybe intimidating to use at first, a good password manager will make remembering login details less frustrating for you, and will ultimately reduce your risk of compromised information.
3. Update, Update, Update
Part of vulnerability management is making sure external systems and endpoints are always patched to the latest and greatest. Because technology is always evolving, cybercriminals are continually motivated to find new ways to breach networks.
Sometimes those “Update Now!” notifications on your phone or computer can be annoying, but keeping your infrastructure security current is key to staying two steps ahead. Make sure to regularly update any outdated software and hardware and stay current on any antivirus rules. You can even set up automatic updates on some devices, so you don’t forget.
4. Training Awareness
Most people do the right thing most of the time… but they also have to know what the “right” thing is. This can include not clicking on random links in the inbox, not replying to an email with sensitive information, and calling to confirm in case a coworker asks for specific information.
Educate employees about the many ways they can avoid making your business vulnerable to attack. Steps they can take include:
- Assume every email and link is untrustworthy until proven otherwise
- Keep an eye out for social engineering attacks that try to gain employee trust and help
- Be cautious of releasing information on social media (such as phone numbers, home addresses, or other personal information)
- Access internal networks only from secure and company-approved devices
- Turn in any lost USB devices right away
Check out some more tips and tricks on how to create a successful cybersecurity awareness training program.
Other Things to Consider
What is the risk and what is the opportunity risk?
Keep in mind that implementing the above measures is only the first step. Being proactive is important to reducing cyber risk, but we highly encourage you to think about a plan in the event that you are attacked.
Do you have cyber insurance?
Just like home insurance covers your private residence, cyber insurance protects your business’ liability for a data breach.
Do you have the tools you need to determine what happened after a breach?
Collecting evidence after a cybercrime has taken place allows for answers on how the attack happened, and how your data was impacted. Check out some more details on the anatomy of an incident response here.
Case Study: Phishing and Ransomware
Remember how phishing has proven to be one of the top threat actions in small and medium-sized business breaches? Blue Team Alpha actually encountered one of these instances in a logistics company recently (around 600 employees). Here’s how it went down.
Attack Details
An attacker sent phishing emails to employees. One of the users opened the email, thought it was legitimate, and entered their username and password credentials. Since most people synchronize their computer password with their email password at work, the attacker was able to use the login details to access the VPN network. Once inside, the attacker conducted reconnaissance, figuring out “who’s who” in the organization and proceeded to send emails to targeted individuals from the compromised email account.
The attacker dwelled inside the organization for several months and gained access to administrative accounts. They deciphered the timing of invoices and expected payments and obtained the company’s bank wiring details.
The attackers wired approximately $300,000 from the company’s bank account into their personal account. Additionally, they sent a number of pending invoices with updated false payment information, so the money would come to them when payment was made. If that wasn’t enough, the attackers also set off a ransomware attack, encrypting all of the company’s computer assets.
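The two email stages in this case (the credential-phishing lure, and the later invoice message with changed payment details sent from a compromised account) leave indicators that a mail gateway or SOC analyst can triage. The script below is an added illustration, not Blue Team Alpha’s tooling or anything from the engagement; the company domain and the three sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed company domain (constructed for this example).
INTERNAL_DOMAIN = "example-logistics.test"
COMPANY_LABEL = INTERNAL_DOMAIN.split(".")[0]

# Constructed sample messages: a credential lure, an invoice-fraud
# message sent from a compromised internal mailbox, and a benign note.
PHISH = """From: IT Helpdesk <helpdesk@example-logistics.test.mail-login.net>
To: staff@example-logistics.test
Subject: Action required: your mailbox password expires today

Your password expires in 24 hours. Verify your account here:
http://example-logistics-login.net/verify
"""
BEC = """From: Accounts Payable <ap@example-logistics.test>
Reply-To: ap.invoices@gmail-billing.example
To: customer@partner.test
Subject: Updated invoice #4471 - new bank details

Please note our banking details have changed. Please update
your records and remit payment to the account below.
"""
BENIGN = """From: Jane Doe <jane@partner.test>
To: ops@example-logistics.test
Subject: Meeting on Thursday

Can we move the call to 3pm?
"""

def triage(raw):
    """Return the list of phishing/BEC indicators found in one message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    subject = msg.get("Subject", "").lower()
    body = msg.get_payload().lower()
    findings = []
    # Lookalike domain: carries our company name but is not our domain.
    if COMPANY_LABEL in sender_domain and sender_domain != INTERNAL_DOMAIN:
        findings.append("lookalike sender domain")
    # Reply-To pointing somewhere other than the apparent sender.
    if reply_domain and reply_domain != sender_domain:
        findings.append("reply-to domain differs from sender")
    # Password-expiry wording combined with a link to follow.
    if re.search(r"password|verify your account|expires", subject + " " + body) \
            and re.search(r"https?://", body):
        findings.append("credential-harvest lure with link")
    # Invoice wording that announces changed banking/payment details.
    if re.search(r"bank(ing)? details|payment information|remit", body) \
            and re.search(r"changed|updated|new", subject + " " + body):
        findings.append("changed payment details (BEC pattern)")
    return findings
```

The changed-payment-details rule is the one worth routing to a human: the control that stops the wire fraud described above is an out-of-band callback to a known phone number before any bank detail is updated, regardless of what the email says.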
What Blue Team Alpha Did
There was a lot of cleanup work that needed to be done because of this attack, but our team dug in and devoted more than 300 man-hours to get the job done. The company had 300 workstations, all of which needed to be reloaded due to the ransomware attack. We arrived on site and set up camp in a large conference room. We set up an imaging service to create copies of all of the computers. Fortunately, the company had encrypted backups and a SAN (Storage Area Network) snapshot, which truly saved them from irreparable damage.
We used the backups to start restoring services. Our team’s expertise and the additional hardware we brought in to help with remediation enabled us to get their business back up and running within three days. All of the workstations were reimaged within five days. Unfortunately, there was one site they did not have quality backups for. They did end up having to pay the ransom for this data. We were, however, able to help negotiate the amount down from roughly $850,000 to approximately $600,000. In these situations, companies are often powerless, as these ransomware attacks originate from non-extradition countries, leaving no options for recourse.
Lessons Learned
Regular, encrypted, and “air gapped” backups are a critical component for cybersecurity. Air gapping is the act of disconnecting the backup device from the network, so it can’t be compromised if the entire network is attacked. Failure to take these types of proactive measures can cost you dearly if an attack occurs. Employees should be educated on phishing attacks, and companies should make sure login credentials are not duplicated across email and network access.
We encourage you to read more of our case studies—but this is a good example of how establishing some basic cybersecurity hygiene can help businesses prepare for these types of breaches.
Is your business secure?
Nowadays, the entire hacking/breaching process can be scripted for a threat actor. That is, individuals can scan the internet for vulnerable companies, and then scripts will automatically run to pinpoint vulnerabilities and lead an attack. Call centers are even set up to catch unsuspecting users and gain access to sensitive information.
If you want to put policies in place to keep your business secure, be proactive and contact Blue Team Alpha today. Our team of specialists will be able to determine which Red Team Services or all-inclusive defense subscription is right for you.