Cybersecurity has been high on the list of CIO agendas for years, but recent events make ensuring your business and its data are protected the number one priority. The recent Swiss Cyber Security Days event held in Fribourg highlighted the critical importance for leaders to start protecting their business against digital threats.
“The number of security breaches identified in Switzerland has more than doubled since the start of the health crisis, going from 42,000 in 2019 to nearly 114,000 today.” “The pandemic is not only the biggest accelerator of digitization, but also an accelerator of crime,” announced the organizers.
In January 2022, most CIOs were focused on getting their workers back to their desks or ensuring that the new generation of remote or hybrid workers have everything they need to collaborate and be productive.
Just below meeting the IT needs of the “new normal” workforce on their list was the never-ending need to keep digital security up to date against the latest threats. Many businesses that moved to the cloud as part of digital transformation efforts may have done so during COVID without time to think about security. Now they need to ensure that data is securely encrypted wherever it resides, that it meets compliance regulations, and that protection stretches beyond the firewall to go wherever the data travels, protecting access to servers and data from remote locations.
Even with the constant threats from huge numbers of automated hacking tools, the issue of security has stepped up a notch as hackers politicize the Ukraine/Russia war and aggression grows across China, Taiwan, and the Koreas. Some CIOs might wonder what all of these events have to do with them. But experienced security operators will know that, given the volume of attacks and the links across global business, companies with international supply chains, and even those that simply do business with one side or the other, are more likely to be attacked.
What are the technical threats against your business?
Whatever the politics or the personal or automated nature of an attack, it really doesn’t make much difference to the business. CIOs and security teams need to be alert to any threat or attack from the millions of automated attackers, launching billions of attacks each day, ensuring their defenses are secure and up to date. There are many types of threats, described below, which require a blended or balanced security approach to cover every avenue of attack.
- Malware
Malware is the catch-all term for files or messages that come with a payload attached that will launch an attack on the business systems when opened. It remains the most popular way to try to break into a business. Send enough malware-laden messages, documents, emails, and website links to enough workers and eventually someone will click on one. Some malware might just steal the account details of the one user, while other efforts might try to access services and send information to the creator of the malware. The more advanced types will create backdoors, enabling more complex hacks to occur.
- Denial of service
Distributed Denial of Service (DDoS) attacks see thousands or millions of already-hacked devices sending endless streams of messages to your servers. These attacks are well known for bringing government or big business services to a halt, with websites or applications inaccessible due to the volume of the attack. But even small companies get DoSed to take them offline, allowing rivals to benefit or enabling other malicious behavior.
- Direct hacks
While most hacks are automated, sometimes, someone with a specific interest in information within your business might launch a direct hack effort. This could include trying to use known vulnerabilities to find a backdoor into the business, and then take what they need and leave without the company ever knowing.
- Internal actors
With all the worry about foreign hackers, it is worth remembering that many attacks come from inside. Some employees who are leaving the business might try to steal data for their next role, disgruntled workers might share their logins for profit or cause damage, and some might want to create a backdoor so they can continue to access services or information.
- Ransomware
However they break into your business, ransomware is the fastest-growing type of attack against any business. The hacker uses their tools to encrypt business data, lock up the company’s computers, and claim they will let you get services back for a sum of bitcoin. Those that pay up often find they do not get their data back, but most companies lack the backups or disaster recovery plan to mitigate the threat.
- Cloud threats
As businesses move to the cloud, the cloud services become the target of hackers, so they don’t even have to worry about breaking into your on-premises systems. A combination of brute force password guessing or social engineering can be enough to
How to defend your business against these threats
IT security defense is a specialized role, often with a security team supporting the CIO. But in many businesses, especially fast-growing startups, or those that are used to a traditional on-premises IT defense, there can be gaps in knowledge and protection that need to be addressed.
In most cases, companies are happy to partner with providers for security as a service, or rely on their cloud productivity providers to protect them. But as the threats grow, businesses need to ensure end-to-end protection across their entire digital footprint, as just one gap could allow an automated or persistent hacker in.
- Inside the firewall
While most notebooks are highly secure these days, the IT department needs to ensure that protection is turned on, auto-updates are on, and that users do not install unsanctioned apps (especially on BYOD devices). With mobile devices, enterprise-ready smartphones or tablets should be used with encryption and protection to keep files and applications secure.
The latest antivirus, firewall and security tools must be in place to protect endpoints, networks and users, while ensuring security by design is built into business systems to keep data secure. Strong incident response plans must be in place, along with training of workers to spot malware and other threats.
- Next-generation firewalls
Traditional firewalls could only spot the threats or malicious behavior they knew about. Next-generation firewalls (NGF) are smart and adaptable enough to identify anything that might be suspicious, using deep-packet inspection to ensure there are no malicious payloads within files or messages.
With application-level inspection, intrusion prevention, and AI features to spot new threats as they emerge, NGFs can protect across the cloud as well as within the traditional perimeter of the firewall.
- Encryption and user identity
With many businesses using a range of cloud services or applications, ensuring that only legitimate users can access them, and that files remain encrypted wherever they travel, is a key part of modern digital security.
Strong encryption requires the business to understand how each service encrypts and manages data, to ensure that there are no gaps across networks or storage where a file might be readable. As for Identity and Access Management, there are many ways to ensure that only valid workers access applications, such as mobile authentication apps and SMS security messages. Companies need to ensure that access rights are revoked when people leave or no longer need access to particular services or files.
Driving these efforts, businesses should set up a security operations center (SOC) to learn about the threats and monitor cyber attacks against the business through a dedicated team or partnership with an external provider.
Security in the cloud era
All of that can sound daunting and challenging to some businesses, but the six pillars of cloud security can act as a guide to help any CIO or IT team learn what needs to be done to protect the business.
Trends like zero-trust help reduce the burden on IT, with every app, user and device responsible for proving its identity before being allowed access. Another essential tool is a Cloud Access Security Broker (CASB) that enforces your security policies so that only the right people on suitably secure systems can access business data.
Because most new applications use smart solutions, they need only alert security managers to likely breaches, unusual activity or key issues, and can shut down the source of any breach faster than traditional solutions.
And, if a company builds its own applications, it will need to ensure that they are highly secure and that data is protected to the same standards as commercial applications, leaving no weak spot for hackers to exploit.
As businesses move to the cloud, malicious threats will never disappear. So, CIOs find themselves in a constant battle against new threats, with plenty of hackers still exploiting older weaknesses as businesses are slow to upgrade. Getting on top of the problem requires a cross-business effort to secure data, train users and ensure the right protection is in place to maintain security, even as new threats emerge.
While companies can quickly adopt the technical parts of cybersecurity, there is an urgent need to educate workers and partners about the threats, as many are not technically literate or do not understand the threats. Humans remain a leading reason for breaches or hacks, something we will cover in more detail in an upcoming article.
No business is alone in the fight against digital threats, with many providers offering cross-business and all-embracing solutions to provide protection. Whatever systems you invest in, they have to embrace the whole business to maintain security, and be smart and upgradable as applications become the front line in the battle against hackers.
Wondering if your business is at risk? Contact us to discuss how we can help you to protect your data, network, and applications from the latest threats.