Time and again, we hear the line: “security is everyone’s responsibility.” In the age of hybrid work, where employees are working out of offices, houses and coffee shops using a variety of devices, this statement is more pertinent than ever. As corporate perimeters continue to disappear, it is increasingly crucial for business leaders to take a proactive approach to cybersecurity, ensuring that every employee understands that security is a shared responsibility.
Historically, enterprises expect CISOs to take sole responsibility for cybersecurity. This approach is no longer sufficient as threats become more sophisticated and complex. As digital technologies become more embedded into enterprise operations, security needs to be integrated across business functions. This means that everyone within the organisation from the CEO to the CFO, HR managers and the support staff, should be held accountable for cybersecurity. In fact, Gartner highlighted that by 2024, as many as 75% of CEOs could be held liable for data breaches if it is found that the incidents occurred due to insufficient focus or investments into security.
Navigating the ever-evolving threat landscape requires business leaders to invest in the right tools, adopt best practices and implement robust strategies. However, more often than not, they become so fixated on buying the latest technologies that they end up making poor decisions and bad cybersecurity investments. They need to recognise that gaining ample information and understanding of the different cyber threats surrounding their environments are equally important.
ALSO READ: How to understand your business’ cybersecurity readiness
To help arm business leaders with the knowledge on how they can best defend themselves against today’s cyber threats, Kaspersky outlined the biggest cyber threats faced by organisations today. Subsequently, ITP.net collaborated with Kaspersky to share top tips on how to mitigate these threats:
-
Never pay the ransom
Over the last couple of years, ransomware attacks including the Kaseya and Colonial Pipeline incidents have dominated headlines. A study by research and analyst firm IDC revealed that a third of businesses had a ransomware attack in the past 12 months with an average ransom payment of US$250,000.
Paying hefty ransoms encourages cybercriminals to continue their practice. Instead, you should contact the right authorities and work with your security provider. Additionally, it’s always better to be prepared and strengthen your defences to prevent falling victim to ransomware. To do so, it is vital to invest in an anti-ransomware solution and have a structured approach that can help you detect and shut down a ransomware attack chain.
-
Secure the cloud
If your organisation is implementing a remote or hybrid working model, chances are you are leveraging a slew of cloud technologies to ensure seamless business operations and productivity.
Over the last few years, even before the pandemic, cloud adoption has been growing strongly. According to research by Kaspersky, 37% of small- to medium-sized businesses and 50% of surveyed enterprises are either using the cloud or planning to increase their use of the cloud.
If your company relies on the cloud, then cloud security needs to be among your investment priorities. It is also important to note that the world’s major cloud data centres – operated by the likes of Amazon, Google and Microsoft – have been designed with security in mind.
To enhance the security of your cloud applications and systems, it is vital to invest in Security-as-a-Service (SECaaS), a cloud-delivered model for cybersecurity services. It offers benefits such as low total cost of ownership, faster provisioning and response times, skilled personnel and seamless management.
In addition, as your employees leverage cloud solutions, you need to invest in robust endpoint security and in training staff to be more cyber aware.
-
Create a cyber-aware culture
People are one of your biggest risk factors and are also your best line of defence.
Social engineering is one of the most common and effective attacks used by cybercriminals. It uses methods such as phishing and business email compromise (BEC) to trick employees into disclosing sensitive information, spread malware and wreak havoc across the organisation.
A successful breach carried out using social engineering can cost an enterprise over $2 million, according to Kaspersky. Therefore, it is important to create a security-aware culture to keep your business safe. It is pertinent to make sure everyone within the organisation is aware they are responsible for ensuring the security of the company’s systems and data. However, it is also critical they carry this sense of responsibility out of habit rather than fear. A strong cybersecurity culture isn’t built on lectures about how dangerous the cyber-world is, it’s built on knowledge and engagement.
-
Ensure security across your digital supply chain
It may seem bleak, but when it comes to cybersecurity it’s good to not trust anything or anyone. This means that every user, device or application that tries to connect to your corporate network should be considered untrustworthy until proven otherwise.
As an example, in supply chain attacks, cybercriminals insert malicious code into trusted software or hardware from an outside partner. They can then use this to launch an attack that may spread from your system to other companies you work with.
Preventing these kinds of attacks requires good visibility over your supply chain, increasing vigilance to third-party risks and creating a strong response and remediation plan with your partners.
-
Always be prepared
Advanced persistent threats (APTs) are among the problems that keep cybersecurity teams awake at night. As the name suggests, APTs uses continuous, stealthy and sophisticated hacking techniques. It can last for long periods of time and can have devastating impacts. More alarmingly, even after being discovered, APT attacks often allow perpetrators to leave multiple backdoors open that will enable them to return whenever they choose.
To maximise your chances of successfully defending your organisation against APTs, you should have a holistic security strategy that involves not only implementing comprehensive security solutions but also ensuring your employees are well-informed and trained.
-
Protect your network
Another go-to cyber-attack used by cybercriminals is Distributed Denial of Service (DDoS). The goal of this kind of attack is to cut off users from a server or network resource by overwhelming it with requests and preventing them from functioning properly. An attack can render resources offline for 24 hours, multiple days or even weeks, depending on its severity. This can cause severe reputational and financial damages to your business.
To thwart such attacks, it is vital to make your network more resilient by implementing advanced intrusion prevention and threat management systems, which combine firewalls, VPN, content filtering and other layers of DDoS defence techniques. In addition, it is also ideal to develop a DDoS prevention plan backed by robust threat intelligence.
-
Keep the connected era safe
The Internet of Things has become more ubiquitous. By 2025, there will be over 75 billion IoT devices ranging from smart home thermostats to industrial control systems. However, many IoT-enabled industrial systems often leverage outdated, vulnerable operating systems, which make them easy targets for hackers.
Furthermore, the connected nature of such devices means a weakness in one device can make everything that’s connected to it vulnerable too. This emphasises the need for business leaders to ensure IoT security is among their priorities.
SEE ALSO: Defending the city of the future
-
Beware of malware
Malware can be any malicious software, including viruses, Trojans, worms and ransomware. Additionally, with the advent of machine learning and targeted spear-phishing incidents, recent malware attacks have become more sophisticated.
Today, blocking malware attacks requires more advanced and multi-layered protection. Organisations can also leverage advanced Endpoint Detection Response (EDR) to quickly and seamlessly identify, investigate and respond to advanced and complex threats.
-
Defend every endpoint
Each endpoint within your company is a doorway to your corporate network. Endpoints are becoming high-value targets for cyber-attacks as remote workforces continue to become a norm and employees access internal resources from unsanctioned devices.
Deploying a solid EDR solution can give you the tools for visibility, investigation and response. With a robust EDR, you can better see what’s happening across all your endpoints. Investigation capabilities will provide you with the right understanding of the different threats and effectively respond to them.
Security is a business priority
As digital technologies proliferate, we can expect cybercriminals to continue to take advantage of the vulnerabilities and cyber threats to increase. Subsequently, in an increasingly competitive business landscape, customers seek organisations that can offer secure and innovative services as well as ensure their data is protected. Therefore, business leaders need to recognise that security as an afterthought can have a devastating impact not only on their reputation but also on their bottom line.
Learn more about the different cyber threats that are plaguing today’s digital landscape and understand how you can better protect your organisation. Dive into the Enterprise Survival Matrix to assess your cyber readiness and find out how Kaspersky’s comprehensive suite of tools and resources can help you stay resilient.
