Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

Updated: September 21, 2020 Experts Corner

Staying ahead of a cyberattack threat

By Arvin Chaudhary
Arvin Chaudhary

Cyberattacks aren’t just a nuisance. They can ruin your company.

A cyberattack can clean out your bank account or theft of sensitive data.

It could paralyze a company’s phone and computer networks, causing a full-scale shutdown.

A ransomware attack may encrypt your essential business data in return for a ransom payment.

Resolving these hacks can cost a company considerable time and resources. In fact, according to IBM and the Ponemon Institute, $7.68 million is the average cost of insider-related cyber incidents for smaller companies with less than 1,000 employees.

Unfortunately, these threats will continue to exist as long as cyberspace exists. And the attacks are getting ever-more sophisticated. What are the weakest links in companies large and small? The employees.

Those who perpetrate cyberattacks are good at what they do. Properly training employees, amongst other practices, typically makes it possible for organizations to stay one step ahead of them.

How does an organization protect itself? Here are the steps to consider:

Successful companies that perform better on cyber-resilience tend to put 40% or more of their security budget into sustaining what is working. Instead of being attracted to new, unproven security software, keep what works and build on it.

Frequently, organizations don’t put the same level of emphasis on increasing cybersecurity awareness and training as they do on setting up security infrastructure. It’s important to note that 94% of attackers gain entry through successful phishing scams. Most of these malicious attackers can be kept at bay by training users on how to avoid them.

Vulnerable users are tricked into clicking unscrupulous emails, unknowingly granting privileged access to the organization’s assets or data. It is easier to breach a user’s security fence than the vulnerabilities in the firmware of a perimeter firewall.

Security awareness training must be a core focus of employee education.

The most common way hackers dupe employees is by getting them to download or open an infected file, in an email or even on a website. Once inside, they use that person’s email or access to infect other network computers.

Phishing attacks start with a fake email sent from what appears to be a real company. These scams can be very credible-looking with even sophisticated computer users falling for them.

Many organizations already invest in state-of-the-art Next-Gen Firewalls (NGFWs) to enable security-driven networking. These systems allow organizations to reduce complexity and help to manage security risks.

Another technique for protection concerns geolocation. IP addresses often are tagged with the geographic location of the email’s country of origin. If the company does not conduct business in a region, you may block IP addresses for those countries to reduce risk. This technique can help but is not foolproof since hackers can route traffic through commandeered servers in the US.

Sandboxing also is worth considering. Sandboxing allows companies to send suspicious traffic to a remote, electronically isolated location — a sandbox. The traffic can then run its course on this independent server while being safely examined.

Network segmentation also can help limit damage if there is a breach. For example, a computer network for finance will be protected from a breach in the manufacturing network if they are not interconnected.

While organizations need to keep innovating to stay ahead of the curve, it is also prudent to take a step back and examine your existing cybersecurity framework, allowing you to prioritize the cybersecurity investments based on the ROI.

Arvin Chaudhary is CEO of technology services agency Nadicent Technologies in Glastonbury.

Sign up for Enews

Most Recent

Most Recent

0 Comments

Order a PDF