Cyberattacks continue to grow and there are many reasons why. For organized crime, it’s a much safer way to make money, often without any downside risk as your victims are located in other countries which may not have an extradition treaty with yours. Cybertheft is also rapidly scalable – not unlike the software industry. The same tactics which can hack into one company can be used to hack into others. The threat of retaliation is also negligible – compared to traditional organized crime. No guns are needed. No muscle… It’s sadly become a great way to make a living.
Nation-states are also on the attack – many are very concerned Iran will step up their efforts. They are the only country to have their government agents indicted for hacking critical U.S. infrastructure. China, Russia and North Korea have never stopped attacking us. DHS and the FBI just sent a warning about North Korea this week in fact.
Lone hackers are also a problem – many are loosely affiliated and are given wide latitude in their home country if they aren’t targeting companies or users where they live.
Finally, terrorist groups like ISIS use ransomware and other attacks as it’s an easy way to stay under the radar and make money to fund their activities.
Generally, companies looking to improve their cybersecurity need to do the following: audit and document their systems via an outside organization, have a penetration test regularly performed and utilize anomaly detection.They should also have a backup appliance with duplicate copies on-premise and in the cloud. Cybersecurity training is also a crucial area to focus on.
Although we often don’t spell it out, system maintenance such as patch management is a critical part of staying secure as patches are often released in a manner which allows hackers to know what new vulnerabilities have been discovered. Armed with this information, they look for systems connected to the internet which haven’t been patched. They then target these systems and break in relatively easily.
Michael Trachtenberg explains the problem well:
Let’s examine for a minute a common scenario of an organization that purchases a multitier architecture (N-tier) application from a vendor and deploys this line of business (LOB) app in their internal network. Taking into account high availability, let's assume there is a two-node file server cluster with Windows Server operating systems and Windows files services, a two-node Microsoft (an MDS partner) structured query language (SQL) cluster with Windows Server operating systems, a two-node load balanced web front end using Internet Information Services (IIS) or Linux and a two-node load balanced application server set. After just the N-tier hierarchy, that still leaves networking, governance for all of those pieces, internal and external access and access management, as well as communications between all tiers and all support services.
In this case, the organization that purchases and deploys this application doesn’t really apply “security” to ensure the safe and secure continual operations of this application, the associated vendors do. The vendors provided all code and provide updates for all code here. The deploying organization needs only to follow appropriate implementation guidelines described by the vendors and to then maintain the systems on all levels, and that could be a daunting task at this point.
Complexity is part of the challenge but the problem is more mundane than that – it’s actually the tediousness of patching these systems and ensuring, if there are patch management agents on the machines, that they are configured properly. In many cases, patches end up causing a conflict with other software, meaning a company either can function properly or be secure – at least, until the issue is resolved.
The famous Equifax breach which released the personal information of more than 147 million consumers was the result of a single machine not being patched.
This was a $600+ million error!
Sadly, human error is a fact of life – even automated systems and AI are created by humans and have inherent imperfections.
This is why, when it comes to cybersecurity – companies need an outside company to help them. Another set of eyes to make sure things are done properly.
Nine times out of ten, this is a decision which needs to come from a CEO, president or COO. IT doesn’t ever want another set of eyes watching over it. Human nature keeps us from seeking outside help to poke holes in what we do for a living.
In other cases, the board of directors needs to bring an MSP or MSSP in to evaluate the company and its liability.
By now, we all should know what GDPR is. We also likely know the fines can exceed $24.5 million. We further know cyberinsurance rates will skyrocket when a company is hit. Even worse, insurance company liability has increased thanks to this new regulation meaning rates likely have to increase anyway.
In other words – the risk calculation has changed in 2018 as a result of the various bad actors targeting corporate systems, new regulations from the EU and insurance rates which will continue to escalate.
The longer a company waits to deal with their cybersecurity situation, the more likely it is to have vulnerabilities exploited.
Effective system maintenance and other cyber initiatives are crucial to keep companies operating and to ensure an organization is safe – even if they have internal IT, they need to hire an experienced MSP or MSSP like Apex Technology Services. Apex acts as an outsourced CISO and has experience helping numerous financial companies including the Fortune 200.