Cybersecurity risk management is a fundamental business technique that requires an investment of both expertise and technology.
*Updated January 2018 to remedy a couple broken reference links
Believing you are protected against cyberattacks or, worse, believing it won’t happen to you because of the nature or size of your business is a foolish mentality. Anyone or, more specifically, anything connected to the internet is at risk of a cyberattack 100% of the time.
When it comes to cybersecurity, there are often two ends of the spectrum. Large, high-profile enterprises believe they are protected enough and breach-ready with solid business continuity plans in place, while small organizations tend to believe that their size makes them not valuable enough as a target and that no one with nefarious intentions will hack their systems. It may be harder for small to medium enterprises (SMEs) to conceptualize that all data has value to someone, or that the exercise of hacking a vulnerability on a small system is good practice.
A simple search for “massive data breaches” returns an interesting list of hits – go ahead and search for yourself. The first hit is from CSO Online, “The 17 biggest data breaches of the 21st century.” Spoiler alert: the list is topped by Yahoo, with a data breach that resulted in all 3 billion user accounts being compromised, which enabled Verizon to save $350 million on the purchase of Yahoo. The large companies that fill out the rest of the list are familiar to most people reading this, and the next time the news cycle reports a new cyberattack, cybersecurity will become a prominent (but brief) topic of discussion at the office.
With each new cyber event we learn that the cyberattacks are attributable to the evolved tactics of increasingly smart hackers. But is that the primary cause of the problem? After the investigations are complete, nearly all of the major events can be directly blamed on the lack of efficient policies, practices and protocols on the part of the affected organizations (with exceptions like Heartbleed).
Key findings from Verizon’s 2018 Data Breach Investigations Report (DBIR) show that 58 percent of data breach victims are small businesses. The report highlights that although small businesses do not receive the same attention as their big counterparts, they are equally in line for criminals who are ready to hit them just as hard. The DBIR cites that there were over 53,000 cyber incidents this year, including 2,216 confirmed data breaches.
According to the DBIR, the top five industries suffering the most breaches are healthcare, accommodation, public administration, retail, and finance. 62 percent of external data breaches stemmed from organized crime groups, 25.9 percent of internal data breaches were caused by system admins, and 19.6 percent of the breaches targeted databases, making them the top targeted enterprise asset. The three most common types of data compromised were personally identifiable information (PII) – 36 percent of breaches; payment card info – 34 percent of breaches; and banking info – 13 percent of breaches.
In such a scenario, every organization should consider itself a potential victim, irrespective of size and industry. Therefore, it is imperative that organizations take efficient measures to preserve cybersecurity.
To clarify, we believe there is a difference between cybersecurity and information security, and you can read about it here. For the purpose of this article we want to focus on cybersecurity, because the term is a hot buzzword in business today.
Malware is malicious software that is intended to disable or damage computers. By employing worms and viruses, hackers can easily access your personal information once your computer is infected.
The use of malware from January 2018 – June 2018 has outpaced the first half of last year by 102%. In fact, there have been 5.99 billion reported malware attacks from January through June alone. Plus, over 12,000 new malware variants have been discovered in that same time span.
Ransomware is a sophisticated malware that encrypts (locks) your files, and often access to the entire machine, then demands that a ransom be paid, usually within a time limit. If said ransom is paid within the allotted time, hopefully the “unlock” key(s) are provided. Ransomware attacks continue to increase by more than 100% year over year.
Through October of 2018 there have been 286 million attacks worldwide, an increase of 117 percent from 132 million at this time last year, as reported by SonicWall based on its customer data. That was 57 attacks per day per SonicWall customer compared to only 14 in October last year.
The significant increase in ransomware attacks is strongly supported by the rise in ransomware-as-a-service (RaaS) operations around the world. Ransomware-as-a-service lets bad actors with unsophisticated programming skills into the malware game with an increasing arsenal of “malware cocktails”. “About half of the [ransomware victims] pay, but even among those who paid many weren’t able to get their data back because the variants didn’t contain all the keys,” according to SonicWall CEO Bill Conner.
Encryption is the process of converting data into scrambled code. It is meant to allow only authorized personnel to view the data and can be applied to files or to information transferred over the internet.
When the bulk of enterprise network traffic is encrypted, it makes sense for bad actors to encrypt their activities as well. Encryption of the nefarious code makes it much harder for IT administrators to distinguish between bad and good traffic. Malware cocktails are increasingly using SSL to encrypt communications between the compromised endpoint and the command-and-control systems, which hides the instructions, payloads, and other data being sent. That is, hackers use encryption to bypass security precautions on computers.
Hacking through encrypted attacks increased by 283% in the first half of 2018, or 2 million encrypted cyberattacks in just six months, according to customer data released by SonicWall. Comparatively, the first six months of 2017 only had 509,000 recorded attacks.
A newer form of computer hacking, cryptojacking, is hacking a computer network and injecting it with malware in order to use the computing power of the network to illegally mine for cryptocurrency.
Statistics show that cryptojacking is quickly becoming common within the dark web. In fact, Q1 of 2018 saw a 629% rise in coin-mining malware compared to the previous quarter. In June of 2018, a cybersecurity team discovered over 40,000 devices infected by malware as part of a cryptomining scam. The infected devices were widespread across various industries such as education, finance and government.
Cryptojacking doesn’t steal data, just computing power. But don’t think this can’t affect your small business, because if infected, all your devices can become part of a botnet used for cryptojacking. The devices’ processing speeds and performance would then be noticeably slowed down and batteries constantly drained until permanent damage renders the device useless.
Here are a few essential tactics enterprises can employ to limit the likelihood of a cyberattack:
Companies, big or small, must realize that the first step is to acknowledge the existing cybersecurity risks that expose the organization to malicious hackers. A single successful attack could seriously damage your business and cause a financial burden for you and your customers, as well as affect your business’s reputation. No matter the size of your customer information database, it is a treasure for hackers. Therefore, it is important that you keep it safe. Aside from being a huge blow to your organization’s reputation, there will be legal and financial consequences as GDPR has taken effect.
You have policies and processes in place that outline the accepted standard for accessing technology. However, it is of paramount importance to keep revisiting those policies and practices to assess their immediate and future relevance. Re-examination and revision of protocols help your organization stay up to date and counter the innovative ways hackers employ to steal data.
The defense framework you have put up is only as effective or weak as the consistency with which your workforce follows protocol. Therefore, companies must arrange orientation and refresher training of staff on cybersecurity measures. The training program must also include insights on the dynamic risk environment, the risks involved and the potential consequences of non-participation in security practices. Employee participation should reflect that security is woven into the culture of your organization.
In view of the increased threat landscape, organizations globally are likely to invest more than $95 billion, Gartner estimated. Sadly though, much of the spending will likely be reactive rather than on implementation of prevention-focused measures, leaving them vulnerable to breaches. So the need of the hour is to invest in all-encompassing cybersecurity risk management software. Also, it is important to note that protecting your organization doesn’t take a huge investment; what’s required is the selection of the most robust and comprehensive solutions at an affordable cost for any organization. Choosing a technology partner who understands business priorities and helps in aligning risk and strategy will act as a valuable contributor to achieving objectives, in terms of technology risk and specific vulnerabilities.