Every single minute roughly 3 cyber attacks occur. We know that there is always going to be some form of cyber attack on the horizon, but what is important is that after the dust has all settled, you can safely say that your cyber knowledge has increased and your awareness has expanded. If we are not learning anything new then we are making ourselves more susceptible and vulnerable to future attacks.
Here are some key takeaways that you must take into consideration moving forward:
Attacks can easily spread like wildfire
Recent attacks, such as WannaCry, have started with a target on one enterprise and then have quickly managed to spread into multiple organisations all across the globe - highlighting how vulnerable we are.
Today we rarely see attacks focused on just one organisation, and this is something that we must continue to be concerned about. This means that any organisation, from any industry and of any size, could have a target on its back.
Update your systems
Update, update, update… this is something that cannot be stressed enough! With regard to WannaCry, the underlying reason for the attack was the sheer number of systems that were not kept up to date and therefore remained vulnerable to any incoming threat. Organisations that do not enforce system updates are basically holding up a ‘WELCOME’ sign to attackers.
We appreciate that with older systems (Windows XP) updates may not be such a simple process, but ultimately sensitive information should not be kept on an unsecure system. Not doing enough to protect organisational data could leave you vulnerable to breaching compliance protocols and legislation.
If you are still relying on these unsupported systems, it could be time to consider a systems upgrade, as the alternative is a ruined reputation and a payout of millions in damages.
Do not wait to fix vulnerabilities
You should be reacting immediately to fix issues that could lead to threats and resolving them within a matter of days, not weeks like we have previously seen some organisations do. We recognise that testing patches is important to ensure they work, but it also delays deployment. Organisations should consider enforcing a ‘patch policy’ whereby there is a set period of time in which the patch must be deployed.
Prevention tactics are not enough
Do all organisations just wait for disruptive market changes to actually happen before they put a strategy in place to react? No, they don’t, unless they want to seriously lag behind. They are constantly market watching, monitoring, testing, and predicting the next best thing. These actions should be replicated for cyber security management: we should be doing more than just preventing attacks, we should be monitoring, responding, and innovating constantly.
Training employees needs to be high on your agenda
Anyone within your organisation with access to the internet (so everyone) is a threat. Regardless of whether it is intentional or unintentional, it is a problem that can still cost you millions. Sometimes all it takes is one phishing email, one link, or one phone call and your employee unknowingly invites an attacker in. As we mentioned in our previous blog, you cannot assume that employees keep up to date with cyber security best practice and avoidance measures. This is where your training and monitoring of employees’ practices comes into play.
More technology devices need protection now
Cyber attacks do not just occur within the four walls of an organisation’s building. They can happen anywhere, especially now that we are in the age of the internet of things, where everyday objects can send and receive data and connect to the internet.
Remember the attack on digital toymaker VTech which exposed the data of 6.4 million children? This highlights that we are not safe anywhere.
The rise of the cyber criminal
Actually tracking down these criminal organisations by tracing their point of entry is proving quite a challenge, which is bad news for us but great news for them, and could unfortunately encourage other attackers to start in the future due to the lack of consequences.
As their pockets are being lined, organisations need to focus on reaching into their own pockets and consider their cyber security budget. Microsoft have recently announced that they are planning to spend $1 billion annually on cybersecurity research and development, and many other companies are starting to follow suit.
Backup and Disaster Recovery solutions are a must
My final takeaway may be one of my most important. You must start relying on a backup and disaster recovery solution because you cannot be held to ransom for data that you hold somewhere else. Ransomware attacks would be far less common and less disastrous if organisations backed up all their data. You cannot predict when your system may be compromised, so do not risk it.
Here at Backup Systems we recognise the need to protect your organisation. If you realise the value of backup against ransomware then we recommend reading our guide below which highlights the 5 backup and disaster recovery strategy challenges and how to address them.