Cyberattacks, data breaches, malware, ransomware - these aren’t new to the headlines, yet the frequency of these incidents and the resultant focus on cybersecurity has dramatically increased. Why are we seeing this trend?
The primary driver behind the increased number of data breaches is the ability of cyber criminals to monetize the data stolen. This, in turn, has increased cybersecurity awareness and spending within organizations. The fear CEOs feel of being publicly shamed and their company being financially harmed by a data breach is very real. No CEO wants to go before Congress to explain their company was breached because of incompetence.
Rep. Greg Walden (R-Ore.) to former Equifax CEO Richard Smith: “How does this happen when so much is at stake? I don’t think we can pass a law that fixes stupid.”
What is cybersecurity?
Cybersecurity is the act of analyzing risk to data and compute resources from internal and external threats and implementing solutions that mitigate that risk.
How do we gauge the severity of a cyberattack? Is it in terms of people affected, money lost, data stolen?
The severity of a cyberattack should be defined by the impact on human lives. Let’s compare three data breaches, Yahoo, Equifax and Bronx-Lebanon Hospital. Yahoo’s breachreleased username and hashed password information of 3 billion users. With Equifax, the hackers accessed 143 million names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. The Bronx-Lebanon data leak exposed the medical records of 7,000 patients including mental health and medical diagnosis, HIV statuses, sexual assault and domestic violence reports, addiction histories and more.
Hackers call a full personally identifiable information (PII) record a fullz or medical fullz for healthcare. That impact is difficult to gauge, but the medical fullz certainly has the most potential impact on the most vulnerable people.
The above examples only take into account data breach cyberattacks. Critical infrastructure and ransomware attacks are also very impactful. The Ukranian power grid was attacked and the power shutdown to a quarter of million people. If that happened in NYC, there would be anarchy within hours. The WannaCry ransomware attack shutdown 16 NHS hospitals in the UK and Europol estimates that around 200,000 computers were infected across 150 countries.
The severity and impacts are wide-ranging and dependent completely on the type of cyberattack. Ultimately, I believe regulating bodies will establish penalties based on the type and number of records breached.
Ransomware is the number one cybersecurity threat today, in terms of frequency. There is no shortcut to testing your defenses against a ransomware attack. WatchPoint has created a PowerShell script to allow you to simulate an attack. Click HERE for details.
What steps should organizations be taking to protect data?
Firewalls and antivirus are the extent of most organizations cybersecurity defenses. Companies need to implement a layered cybersecurity approach that includes patch management, endpoint detection and response (EDR), data leak prevention (DLP), system information and event management (SIEM), and deception technology. Very few companies have the ability to defend against an intrusion once an attacker is on the inside of the network with trusted user credentials. A layered cybersecurity model allows companies to detect those intrusions and exterminate them before data is stolen. This sounds expensive and overwhelming, but isn’t with the right security tools and staff.
You mentioned this can seem overwhelming, so how does a company evaluate cybersecurity solutions?
Firms need to ensure that security staff is available to manage the tools being implemented. Too often cybersecurity solutions are purchased that existing staff can’t manage. Alerts end up being ignored, and breaches happen while the alerts are sounding.
As cybersecurity awareness and spending increases, will the threat of cyberattacks decrease?
Certainly, but hackers are continually innovating new attack vectors. Cybersecurity will be a continual game of cat and mouse for years to come. Firms need to make themselves as hard of a target as they possibly can. Right now the world is a target-rich environment. Don’t be an easy target.