As business embraces opportunities from cloud and mobile computing to connect with customers, they take on new risks. There is a steady increase in destructive, sophisticated cyberattacks and ransomware. This is according to security specialist and J2 Software CEO John Mc Loughlin.
Without knowing it, nearly everyone has already been hacked – whether it’s in a large company or small business or at home. Cybersecurity experts say everyone is at risk and somewhere along the line some kind of personal information, an email address or password will be stolen.
Hackers are working to gain secure data all the time, it doesn’t matter what industry. Cybersecurity is a money making business and will continue to grow. Everybody is a target and it also doesn’t matter the size of the business.
Business leaders need to educate their staff and create a culture where nobody is afraid to report suspicious activities. They need to ensure their staff are as prepared as possible that they can protect themselves and their company.
Although the majority of large companies are seeing a steady increase in the sophistication of cyberattacks, small businesses are often more at risk because they don’t always invest in the resources they need to prevent attacks.
As the threat landscape evolves, many businesses are struggling to keep pace with the hackers. This is largely due to a lack of funds, ineffective tools and a shortage of expertise. As a result, when a cyberattack occurs, businesses are left reacting rather than proactively fending off those threats.
Businesses need to assess the kind of attacks that are most probable to hit their networks. Although data theft could cause huge damage, there are other threats like ransomware that are more likely and would have a profound effect on any company.
To start, businesses need to plan ahead for possible attacks and have secure strategies for business continuity and incident response. They will need to identify a team with each staff member having a designated role in case of an attack.
Management needs to fully understand what impact a cyberattack can have on services and the people who rely on that data. They need to accept that it is going to happen and must focus their attention on how to recover, how to minimise the damage and how to get the system up and running as fast as possible. Remember, every single recovery method will already be anticipated by the hackers.
Businesses often create a strategy and think they are fully prepared for an attack, only to find out during an attack that the data was backed-up in the wrong format or contacts were outdated, or the insurance didn’t cover everything.
To prevent this from happening, businesses should test scenarios and anticipate possible iterations of attacks to improve resilience. With ransomware, for example, companies are reliant on backups to recover data. One would need to check whether the right data is being backed-up.
More importantly, the company needs to ensure it can totally recover all systems and not just the data. Data recovery is normally easy when done correctly, but recovering an entire system will take some time. Even with a complete backup, one still needs to establish how to recover that data.
It is highly recommended that one never pays the ransom because even if one does, there is no guarantee that you will get your information back. Regardless, one will have to set up a new system and restore the files that were encrypted. Also remember, with ransomware, the first thing hackers aim to do is to delete backups if they are not segmented from the network.
There are third-party companies that can provide backup solutions through the cloud. Having the security of those backups as part of one’s strategy is imperative. Businesses just need to ensure that they can restore or rebuild their system and be confident that they have what is required to do so.
Most businesses think it will never happen to them, but they are so wrong. Accept that it is going to happen, be prepared.