In 2019, the average cost of a data breach came in at $3.92 million USD, according to a study by the Ponemon Institute. The report goes on to say that number drops to USD $1.2 million if the data breach is discovered and contained within 200 days. Curious how you can avoid adding your organization to the ever-growing list of companies that have suffered a ransomware attack or data breach?
First and foremost, organizations must take care of the basics before delving deeper. The basics are undoubtedly the most important piece in Cyber Security – much like a house needs a foundation, so too does a good Cyber Security program. The basics that every organization needs to implement are generally the same; however, the value from each of these five basics will vary depending on the organization.
These five basic protections are Antivirus/Anti-Malware, Backups, Email Filtering, Firewalls, and Regular Software Updates.
Antivirus, or as it is more commonly known, Anti-Malware, refers to applications that are installed on computer systems and detect malicious files and programs using a large database of known signatures. A signature is a fingerprint that matches a specific piece of malicious software or file and is created by the company that produces the Anti-Malware application. Signatures are typically downloaded from the company automatically, sometimes several times each day. New malware is created daily. In fact, in June 2020, independent research institute AV-TEST identified over 9 million new malware samples. It is because of this that regular scanning is critical to finding infected or malicious files that were previously unknown. When the Anti-Malware application detects a file or program that matches one of the signatures, it takes action, such as displaying an alert, deleting the offending file, or moving the file to a special location called a quarantine to prevent it from doing further damage.
A backup is a copy of original data which prevents losing important information in a wide variety of scenarios, such as:
- Computer/Equipment Failure
- Accidental or Intentional Deletion or Modification of Data
- Fire, Flood, or Theft
- Configuration Errors
Without a second (or third) copy of your data, you risk losing valuable information that can’t be recovered, or (in the case of ransomware) the cost of recovering it is so high that it exceeds the value of the information.
According to Proofpoint’s 2020 annual State of the Phish report, 55% of organizations experienced a successful phishing attack. Filtering emails coming into your organization can dramatically reduce the number of phishing emails, malicious files, and spam that employees need to deal with. Fewer emails means your employees spend less time dealing with messages that provide no benefit and are not exposed to as many scams that directly impact the bottom line.
A firewall is a device that sits between a trusted network, such as a corporate network, and an untrusted network, like the Internet. It acts as a barrier, allowing only traffic that is explicitly permitted to pass through. A firewall can have additional functionality, allowing it to perform Antivirus/Anti-Malware scans of files that pass through, filter email, or even limit what websites can be accessed, lowering the likelihood that an employee is tricked into accessing malicious content.
Regular Software Updates
Without a doubt, performing regular updates should be at or near the top of the list for everyone. Anyone who owns a computer, router, smart home device, cell phone, etc., should always apply updates as soon as possible. Most of the time, these updates contain critical security fixes that address serious flaws in the software on the device. By performing these updates, you take away the opportunity from the bad guys who try to use those flaws to gain access to your devices and networks.
So, where do we start?
The answer to your question depends on your organization. What are your Crown Jewels? Let’s look at a scenario to see how a fictitious company might benefit from the order in which they prioritize these basic protections.
Fizzy Fuzz Soda Corp
Fizzy Fuzz Soda Corp sells its sugar-free take on fizzy children’s beverages across the country to restaurants looking to offer a health-conscious offering to families. As a smaller company, Fizzy Fuzz produces using a just-in-time manufacturing structure to reduce storage costs and product spoilage. In order to meet customer demand, they cannot afford for their production systems to go down unexpectedly, nor can they afford to lose access to their proprietary recipes. Finally, to avoid the overhead of a large sales organization, Fizzy Fuzz has opted to partner with another company that already services restaurants to promote and distribute their product. After undertaking a cyber security assessment, management at Fizzy Fuzz agreed to implement the basics over 6 months in the following order:
- Firewalls
- Backups
- Regular Software Updates
- Antivirus/Anti-Malware
- Email Filtering
Firewalls – In order to keep Fizzy Fuzz’s production line operating and their recipe secret, they needed to prevent unauthorized access to their systems from the Internet. By installing firewalls limiting who can connect to Fizzy Fuzz’s servers and production systems, they reduced the likelihood that a hacker can impact their just-in-time production or steal the secret recipes.
Backups – To prevent loss of their secret recipes due to ransomware, equipment failure, or deletion, Fizzy Fuzz needed to ensure multiple copies of the recipes existed. A proper backup strategy ensures their recipes, their Crown Jewels, cannot be lost, and is second only to ensuring they can continue producing their tasty drinks.
Regular Software Updates – By regularly applying the latest software updates to their systems, Fizzy Fuzz keeps hackers from using known vulnerabilities to compromise its users or systems. This ensures their employees can more safely access the Internet and open files received by email, and it prevents hackers from getting into Fizzy Fuzz’s systems on the Internet.
Antivirus/Anti-Malware – By scanning all files downloaded by users and regularly scanning workstations and servers with Antivirus/Anti-Malware software, Fizzy Fuzz prevents malicious software and files from infecting systems and locking files with ransom demands, and identifies old files that may not have been caught the first time. Finding malicious software and preventing it from hiding ensures Fizzy Fuzz can confidently operate their systems and avoid disruptions in their operations.
Email Filtering – Fizzy Fuzz leverages email filtering to check every email received and keep spam, phishing, and malicious emails from ending up in the inboxes of its employees. Preventing these messages from reaching the user reduces the likelihood that someone is tricked into giving the bad guys their passwords or proprietary company information, like the recipes for their newest product.
Thinking “This is great for Fizzy Fuzz, but what about my company? We buy and sell widgets directly to consumers.”? Your organization can look at what is most important to it and focus on the basics that help keep it safer. Don’t forget that Kalnara Cyber Defense is here to help you evaluate your organization, its Crown Jewels, and put together a plan customized to meet the needs of your organization.