4 Surprising Ways to Preempt a Cyber Attack
By Microsoft in Business Team on March 15, 2016
Filed under IT Leader
James Lyne is concerned for your safety.
As global head of security research for Sophos, Lyne knows your virtual weak spots, he knows who else knows them, and—most importantly—he’s an expert at making sure those vulnerabilities don’t become liabilities. In preparation for the upcoming Virtual Security Summit, we sat down with Lyne to learn how businesses can protect themselves in a world of complex cyber crime.
Lyne imagines each security deployment process as a net. Since some cybercriminals are still using rudimentary methods to hack business systems, such as phishing and malware, even one net—one layer of security—can deter some intruders. Sure, it’s true that each security deployment on top of that first net adds another layer of protection. But attending to basic cyber hygiene first—such as good password management and patching security systems—offers protection immediately. Then, Lyne says, businesses can move on to more advanced security measures, depending on the personnel and financial resources available.
Lyne offers the following basic—but critical—suggestions to help keep attackers at bay:
1. Perform a risk assessment
Do you know the ways in which your organization is vulnerable to a cyber attack? First, ask yourself what information your company, employees, or systems have that criminals might want. That’s right: Channel your inner criminal (not that we’re suggesting you have one) and consider, from that perspective, what makes your organization worth hacking. Despite the romance around espionage and sabotage-driven attacks, the biggest motivator for cybercriminals is still money. When they attack, they’re typically trying to gain access to the money chain—either directly or through information leading them there.
In short, the first step in protecting your business is understanding what information cyber attackers might find interesting—and then being aware of methods they might use to get it.
2. Assume failure
Far too often, businesses take a “fix it and forget it” approach to their security; they put measures in place and assume they’re working… and then they experience a security breach for which they’re wholly unprepared. Lyne advises that businesses assess security measures and capabilities and build policies with the assumption that those measures will fail some day.
If your defenses ever fail and you lack a tested incident response plan, the attacker undoubtedly has the advantage. However, by assuming failure at the beginning, your organization can strengthen its ability to respond swiftly and effectively in case of a breach, significantly minimizing the damage.
3. Make IOT secure
IoT devices are booming in popularity, and they offer fun, engaging ways to either improve business efficiency or connect with customers. The trouble with IoT often lies in their deployment, as common security flaws are being overlooked as some of these devices go to market.
The savior for IoT devices without robust security controls is that criminals aren’t really attracted to them just yet. Why? Because, for now, these devices don’t offer a clear path to the easy-to-monetize information they’re looking for. But that’s not to say they never will.
Lyne’s expert advice is to begin making these security fixes now, before these devices play a significant role in our everyday lives.
4. Employ a security professional
One of the biggest security challenges facing businesses is the lack of professional cybersecurity personnel ready and able to take on cybercriminals. Due to limited resources or a lack of understanding of the true complexity of cybercrime, many organizations rely on their overworked, existing IT staff to build up cyber defenses and plan incident response strategies.
We’ve seen that cyber attacks can be multi-faceted and complex. Maintaining strong defenses in the face of this complexity is sometimes well beyond the scope and capability of traditionally trained IT personnel. These employees know the systems and basic protections, but they may not be trained in the latest security measures or they may simply not have the time or capability to do it all. Bolstering your security with professionals who understand the ins and outs of evolving cybercrime strategies is a critical investment that could be the key to protecting your organization.
More surprises to come from James Lyne at the Virtual Security Summit when he uncovers who today’s cybercriminals are and how they really operate.
- Get the security manual for today’s business environment. Download your free copy of The Modern Workplace Watchdog: Protecting the Information, Systems and People Important to you and your Business.