Quick Check: Have You Taken These 3 Steps to Protect Your Organization from Cyber Attacks?

In response to the ever-rising threat of cyber attacks, the federal government has issued repeated warnings for organizations to be on high alert. To stay on top of the escalating situation, the Senate passed a massive $1.5 trillion spending bill on March 11, 2022, with new cybersecurity laws that require companies to report data breaches and ransomware payments quickly.

Clearly, the last thing any organization should do is sit back with the mistaken belief that “it won’t happen to us.” So, what can you proactively do to keep your business safe?

The basic steps include setting up defenses and an action plan should an attack occur. It’s also important to have good security practices in place like multi-factor authentication, firewalls, network segmentation, and SIEM (security information event monitoring). But that’s not enough.

Here are three preventive steps that should be considered as part of your cybersecurity strategy.

1. Implement a layered defense
   

   A layered defense mitigates risks in each “layer” of your environment, including network, hardware, software, code, data, access, passwords, physical access, and end-user training.

   In general, your defense plan should integrate the following layered actions:

   • Implement a training program to educate end-users on how hackers use phishing links in emails, lax password management, external devices, and more to gain access to corporate networks.
   • Practice zero trust security, limit access to applications, and ensure access is updated appropriately and promptly.
   • Have a monthly full data backup at a minimum, with system logs with incremental backups in between (with a best practice to store a second backup offsite).
   • Encrypt databases, backups, and sensitive traffic within your network.
   • Ensure each department has a business continuity plan that is regularly reviewed and updated.

   By enforcing standard operating procedures to address the common vulnerabilities that hackers exploit, you reduce the risk of becoming an easy target.

2. Plan for attacks using a table-top cybersecurity exercise or cyber crisis exercise
   

   Bring together selected team members across various departments (like IT, cybersecurity, business, and outsourcing) to discuss critical actions during a cybersecurity breach. Use a facilitator to keep the discussion engaging and focused and set clear expectations for what to do in an attack.

   For best results, you can establish a RACI, a responsibility matrix with clearly identified roles: Responsible, Accountable, Consulted, and Informed.

   You can use the RACI model to determine roles and responsibilities by answering the following questions:

   •

   Responsible: Who does the task? Who must make the decision, complete the task, or fulfil the objective? (More than one person can be responsible for tasks, depending on their scope and scale.)
   •

   Accountable: Who is the “owner” of the task? Who signs off or makes the call that something has been completed? Who assigns the responsibilities for the rest of the people in the matrix? (For each key division, there should only be one accountable person.)
   •

   Consulted: Who else needs to give input before something is considered done or signed-off? (The consulted group usually comprises various stakeholders who have the expertise to provide valuable insights.)
   •

   Informed: Who needs to know the updates in the appropriate timing? (This group will need to know decisions or progress on tasks, but do not contribute or provide input directly.)

   Alternatively, if you have the resources to do so, organizing a cyber crisis exercise to simulate a cyber attack allows your team to be more hands-on with various scenarios such as encountering malware, ransomware, data breaches, and infrastructure failure. Do note that cyber crisis exercises often need months of planning, and the simulation itself can take one full working day to run.

3. Create a backup plan for essential communications
   A backup plan with clear procedures to facilitate essential communications ensures that crisis teams and the business can continue to communicate, even if your usual messaging system is down. The plan should cover:
   • Establishing a backup messaging system that can handle temporary email, messaging, and collaboration in the cloud.
   • Keeping a backup copy of your active directory, as hackers often use phishing to access that directory to obtain administrative passwords and disrupt systems.
   • Keeping two backups on different media, one locally and one offsite.

Keeping your organization safe is a continuous effort

Traditional security programs are no longer enough to address new cyber threats. You must constantly eliminate the chances of breaches through evolving best practices and nurture a security-first culture that prioritizes availability, confidentiality, and integrity.

To upgrade your cybersecurity posture, you must take into account both cultural and technological solutions. There’s no point in being protected by cutting-edge tech programs, if employee ignorance or negligence provides an avenue for cybercriminals to access your company’s network, applications, and data. You can also leverage the expertise of third-party consultants to help you uncover real threats, deploy related resilience capabilities across key domains, and set up monitoring mechanisms to improve systems maturity.