Cyber attacks have been increasing in frequency and severity over the last few years, and hackers are getting more determined and sophisticated. Even businesses with huge teams dedicated to information security and large budgets to spend on security solutions are being breached and have a high cyber risk.
Nastassja Finnegan, Enterprise Sales Director at DRS, a Cyber 1 company, says even more alarming is the fact that breaches can take months to discover, with research showing that the average time taken to detect an APT on a network is around six months.
“Businesses today need to understand that they could fall victim to a breach at any moment, so understanding cyber risk, and having a detailed plan in place to manage it, is crucial to any organisation’s survival.”
Companies need to define ways to deal with risk. This means identifying who is responsible for dealing with the risk, what actions can be taken to mitigate it, and, in the worst-case scenario, what the impact on the company will be.
According to Finnegan, there are several steps to follow to help organisations manage risk in the event of a cyber attack. “Firstly, create and maintain an up-to-date and thorough inventory of all software and hardware assets on the corporate network. Get to know which systems house the most confidential or proprietary data, and ensure that the bulk of your security efforts are focussed there.”
She says not to forget shadow IT, which can put the company at risk. “Identify any unsanctioned devices or other assets, as these can endanger the business and cause endless problems.”
The next step towards good risk management is to have a plan in place to collect and analyse information from all your critical systems on an ongoing basis. “Due to the vast amount of data that is flooding today’s enterprises, automating this process would be sensible, and will ensure you have a true picture of what is going on within the business.”
Finnegan advises organising the network and the data it contains to reduce the amount of potential data loss should the company suffer a breach. “Remember that once on the network, attackers can lurk there for months, moving laterally, performing reconnaissance, and exfiltrating information. Keeping valuable data and systems segregated from the rest of the network can help to lower the risk of major and embarrassing data loss.”
Then, once you have identified the data ‘crown jewels’, it’s a good idea to make that data too much of a hassle for cyber criminals to get their hands on. “Remember that attackers go for the low-hanging fruit. Encrypting confidential data could make it more trouble than it’s worth.”
She adds that companies must have the ability to isolate or quarantine any suspicious systems from the rest of the network. “Have tools in place to pinpoint any anomalous behaviours that might indicate that a system has been breached. Once you suspect a system has been hacked, quarantine it so the attackers cannot reach through that system and infect other systems on the company network.”
At the end of the day, Finnegan says there is no security solution that is 100% effective. “However, understanding the dangers, where they come from, and how to contain them, will go a long way towards recovering quickly from a cyber incident. The best way a company can protect itself is to have a practical and thorough understanding of the risks to the business, and to appropriately focus resources to reduce those risks.”