
Despite the vast amount of information available on cybersecurity and ransomware, and while technology providers blather on about leak prevention, the “it will never happen to us” mentality still prevails, in big organizations too.
So, when a breach does occur and bad actors demand a ransom, often the reflexive response of an organization is to pay the ransom as a way to “get it out of the way.”
Sophisticated bot technology
Today’s cybersecurity criminals don’t poll ports once every few days, weeks, or months hoping for a chance of success. They are polling “at scale”, literally thousands and thousands of times per second across thousands of organizations, to exploit the smallest vulnerability. These criminals are also professional cybersecurity attackers, possessing the most sophisticated skills and tools, and a steadfast commitment to breaking through security defenses. Additionally, bot technology is advancing rapidly, and it can be difficult to distinguish between bot and human interactions.
It is usually only after a breach that an organization pays the highest level of attention. It’s easy to be smart after the fact! By then, however, the damage will be well and truly done.
Organizations are constantly on the alert as to what caused the breach and why they didn’t take the necessary steps to prevent the attack. But the impact of a breach is arguably the most visible and long-lasting, if not final.
A few months ago, a big city company had a very serious security breach. There were no reports of the attack at the time, but now, months later, there is news all at once about its financial difficulties and losses, legal injunctions, layoffs of employees, delays in payments to suppliers, and more, at a time when its peer group is announcing record earnings. The consequences of a security breach are severe, both financially and reputationally. The vast majority of small to medium-sized organizations do not even survive after such an incident.
Employees tend to be the weakest link in an organization, often leading to security breaches. A single inadvertent click can compromise an important function of your organization. So, along with secure processes and well-configured technology (backed by ethical penetration testing), the mantra should be “education, education, education”. This needs to be done frequently and continuously, not just once.
Corporate aposematism
With the above in place, the way forward would be corporate aposematism. In the animal kingdom, some species use defenses in the form of physical changes, such as the sudden appearance of color or spikes, and cues in the form of spitting venom, making alarm sounds, or emitting a foul odor. The animal scares away the predator with a message that it is not worth the effort and should not be attacked, or that the attacker itself may be caught.
Taking a leaf out of these animals' book, organizations should also put up big and bold warning signs, sending a signal to cybercriminals that it’s not worth the effort. Criminals want quick success. As such, criminals typically exploit vulnerabilities that often go under the radar of security experts within an organization. Closing even the most seemingly irrelevant gaps, along with more overt security measures, provides a clear signal to criminals that the company’s approach is sophisticated and its cybersecurity flawless.
The purpose here is not to brag about security, but to show signs that a great deal of effort has gone into covering security pitfalls. The goal is deterrence, not challenge.
It is well recognized that the question is when, not if, a security breach will occur, but strong and balanced security often mitigates breaches. And if it does happen, the impact will be contained and minimized. As Gartner suggests, every organization should build a culture of corporate resilience. In particular, cloud adoption, data privacy laws, and digital transformation initiatives have evolved to add even more complexity from a cybersecurity perspective.
Roy Russell is CEO of Assertus Limited.