We are all experiencing daily external attacks via malware and phishing, you just cant escape it. The reality of it is it's no longer a lone hacker hunched over his desk hacking away, it is now criminal organizations hellbent on trying to get inside your network to excavate your data or hold your data for ransom.
Today the perimeter of your network is no longer the firewall, it’s really the user. This is because the user is working outside your perimeter and venturing into the internet. Users are going to or redirected to websites that may be malware laden and are subjected to phishing attacks daily (Of note: 91% of all attacks start with a phishing attack). They are clicking on a link in a phishing email which in turn invites malware in, or they open a document that executes a macro that downloads something that then runs a java script that infects a vulnerability in say java or flash with malicious code that then downloads the payload to gain access to your system. Today’s malware is really that sophisticated.
You must understand the users may not be really interested in fighting the war with you. Unfortunately, for many organizations it’s a losing battle when it comes to malware. The question then is how do you defeat these criminal organizations that are laser focused on doing in your organization (getting into your network and stealing or holding your data for ransom)? It is estimated that roughly 61% of SMB companies that were subjected to a ransom attack closed their doors within 2 years after the attack. Why, you may ask? It’s because the reputation of the company (its foundation for keeping and securing new business) has been tarnished and their clients and potential clients are hesitant to do business with a company that didn’t protect their data. What about the Fortune 500 companies that were breached? Simple, they have the money to sustain a breach, SMB’s usually don’t.
A few words about cybercriminals. Today they are legitimate organizations who are making money off of holding your data for ransom or exploiting your data. Mainly located in eastern bloc countries, these cybercriminals have salaries, they chat with their friends at the water cooler, they have quarterly business review meetings with the board of directors and they are trying to increase their revenue year over year by stealing from you!
Look at it this way; think of a company you like, any company. Now each year that company is working toward making their product better right, well so are the bad guys. They are hell bent on trying to figure out a new way to get past what you put in place to stop them, remember it’s their job.
Ok, so to be clear, cyber attacks by cybercriminals are not targeting you specifically per se. They are casting a very wide net over many, many organizations at one time and waiting for someone to let them in! This becomes dangerous in that regard because you don’t know where or who is going to be coming after you. Remember ransomware removal may not be possible so we need remain vigilant.
Please don’t think your company is too small to be a target! You have employee data, client data and payroll data just to name a few. If that information were to be subjected to a ransomware attack your company would stop dead in its tracks! Everyone, and I mean, everyone is a target! Yes, large companies are being breached (Equifax, Uber, Forever21 and Hyatt Hotels are some of the latest to make the news), but what you don’t hear about in the big news media is the SMB like you. You would have to search your local news for those stories and that’s if the company ever reported it. Remember, the fight is not just being fought in large enterprise organizations, the SMB’s are truly the ones being victimized daily.
Let’s talk about your layered defense strategy to help you win the war. First, the assumption has to be that even with all the prevention techniques in place you must take the standpoint that the bad guys are going to get through your prevention layer of defense! What is needed is a strategic layered approach in order to help win the war. The premise of the layered approach is so each layer can deal with the layer in front of it that failed. That layered approach is defined as Protection, Detection and Response. With that in mind let’s take a look at how we can try to Protect the breach at the onset, look at the Detection of a breach and how to detect it and finally how to Respond from the attack as fast as possible.