Cybersecurity: Be Prepared or Prepare to Fail
By Kevin J. Baker, EnCE, ACE, Director, Marcum Technology
My high school chemistry teacher had a sign that read, “Those who fail to prepare have prepared to fail.” Those words ring true in almost every situation, but particularly when it comes to cybersecurity. In recent weeks and months, we’ve seen an astonishing number of high-profile ransomware attacks. Colonial Pipeline, JBS Foods, and Kaseya are just some of the attacks that received significant news coverage. Attacks at hospitals, law firms, government entities, public companies, and other institutions are also occurring daily, even though you may not be reading about them. Now is the time for companies to do what it takes to reduce risk and bolster readiness for a cybersecurity incident. Companies that fail to prepare are, in fact, preparing to fail.
Although the U.S. government is making it a priority to identify and defend against these attacks, the problem is complex and there are no easy solutions. Ransomware attacks tend to be very high profile, but there are many other types of cybersecurity incidents that can also have disastrous consequences.
Amid this complex threat landscape, insurance premiums are rising and limits are decreasing — while at the same time, the cost of attacks is skyrocketing. This makes it difficult to properly protect against the risk of an attack. Despite the plethora of cybersecurity tools and services available, it is hard to guarantee that gaps in coverage do not exist. No matter what marketing materials may imply, there is no silver bullet for cybersecurity.
The Evolution of Cyber Attacks
Ransom demands are now commonly in the millions of dollars. Attackers have moved from just encrypting files and demanding a ransom for the decryption key to also stealing the data and then extorting the company with the threat that the attackers will publicly disclose the information. The sophistication of both the attacks and the criminal organizations behind them is increasing. Long gone are the days of the broadly-cast Nigerian Prince scams written in barely recognizable English. Today’s social engineering attacks are believable, targeted, and very difficult to detect.
Many of the criminal organizations are surprisingly well structured. These attacks are now often carried out by criminal service providers. These are not criminals hiding in a dark basement, but rather companies that have sales teams, technical support, and defined commission structures with volume incentives. The attacks are planned and improved based on prior performance metrics. In order to maximize their effectiveness, attackers plan specific times to launch their attacks, such as on holidays or weekends, when staff is less available and attacks are more likely to propagate before they are detected.
The best way to survive a cybersecurity incident is to be prepared and avoid it in the first place. In reality, all incidents cannot be avoided. However, when a company has prepared by investing in cybersecurity, the recovery time, overall disruption, and related costs are all significantly decreased. Proper planning also greatly reduces the stress and anxiety of a cybersecurity incident. No one wants to be in the middle of an incident on a Friday night and not know who to call or what the next steps are. No one wants to try to onboard a new cybersecurity service provider while systems like email are down and basic documents like service agreements cannot be accessed.
Marcum recommends that all companies invest in a comprehensive cybersecurity program. This should include an up-to-date incident response plan, trained internal resources, and an engaged cybersecurity service provider. Taking this preventative step means that not only are incidents less likely to happen, but when they do happen they cause less damage. It also means that the pieces are already in place to respond, which greatly reduces the stress and anxiety caused by cyber attacks.
The best course of action is to work with a trusted partner to review your overall security posture. During a cybersecurity risk assessment, your partner will identify areas of concern and security gaps, then guide you through your security weaknesses, compliance with regulations, and other cybersecurity requirements. They can also assist with shoring up defenses and ensuring your overall cybersecurity posture is sufficient.
A truly comprehensive cybersecurity program also includes a plan for employee training. Many attacks start with a successful social engineering attack. Training users to identify fraudulent emails and follow proper reporting procedures when an incident is identified goes a long way to securing an organization. Other technical security measures like two-factor authentication (2FA), where a one-time code is sent via text message or provided by an authentication app, should be implemented to increase your security posture. Endpoint detection and response (EDR) products can be deployed to help protect computers and servers from malicious activity. As you may have heard, defense in depth — the idea that cybersecurity defenses should be layered to provide the best protection — is necessary to protect an organization.
Retained Forensics Agreements
Even with proper planning and investments in cybersecurity defenses, successful attacks can still happen. One mistake by an employee, or a supply chain attack against a software product you use, is all it takes. That’s why it is important to be prepared for a successful attack no matter what defenses you have in place. One common approach is to engage a cybersecurity firm under a retained forensics agreement.
A retained forensics agreement is a contract that spells out what services your trusted partner will provide in the event of a cybersecurity incident. It gives you peace of mind and takes the guesswork out of incident response. With a retained forensics agreement, your trusted partner has already taken the time to understand your network and is therefore in a much better position to respond to an incident. This can save critical hours and days when it matters most. Being proactive also ensures that all of the moving pieces, such as legal, insurance, human resources, and public relations, are ready to work together efficiently.
Marcum Technology provides a full cybersecurity service offering. If you need any help, from beginning a review of your security posture to investigating a cybersecurity incident, or even if you just want to ask for advice on a situation you are facing, please contact us.