James Smith, Customer Experience Director at CloudM, provides his insight for businesses concerned about falling victim to large-scale cyberattacks and ransomware requests.
Cyberattacks have been particularly prominent in recent months with global enterprises such as NATO, MGM, Motel One, Lyca Mobile and Sony all reporting troubles with cyber security. Malicious attacks have increased to over 50% and the average cost of a data breach has surged nearly 30% to approximately £4 million per breach.
The threat is clear – but what causes these attacks and how can businesses, agencies, conglomerates and other organisations prevent these types of attacks from causing harm?
How are the attacks occurring?
The first step is to understand why and how these types of attacks are occurring. While there isn’t one definitive answer, there are various components that have led to this spike. Technological advances in AI and generally wider access to technology mean that more people can become scammers, even if they don’t have programming skills or good language skills. Poor language and grammar used to be a telltale sign of a scam, but that’s not necessarily the case anymore. A lot of companies will also make the decision to move to the cloud without solid security in mind, and as most data breaches are caused by employees, the threat often comes from within.
How can this be prevented?
An effective approach should help defend against both external attacks and common internal threats, such as accidental breaches and human error. The essential security accreditation that organisations should look for when choosing a provider is ISO 27001. This is the international standard that provides the specification for an information security management system. It is one of the most popular information security standards in the world, focusing on protecting information, confidentiality, integrity, and availability.
Another accreditation that should be met is the Payment Card Industry Data Security Standard (PCI DSS). It was created to allow the consistent and safe use of debit/credit cards globally, enabling people to use their cards without fear of having their bank accounts emptied. Companies should also check for compliance with GDPR and HIPAA, which concern personal data protection.
Prepare from the beginning
Cybersecurity begins the very moment someone starts writing the code, which is why it’s important for developers to practise secure coding. Secure coding is the habit of writing software with possible vulnerabilities in mind from the very beginning. Experienced developers know the risks and dangers out there, and can start to code against those threats at the earliest opportunity so that safety is quite literally built into systems.
Test for security
Penetration tests (or pen tests) are a way for companies to test out their cyber defences without causing any serious damage. New features, older systems and software updates are all susceptible to outside attacks and a pen test is an excellent way of uncovering any weak points in a company’s security processes. Systems are also checked with full access, ensuring that even with a username and password, no one can access anything they shouldn’t be able to.
Recovery plans
If a data breach or cyberattack occurs, it is vital that businesses have a robust disaster recovery plan in place that also covers the partial or full loss of business data. Today, more organisations are looking to the cloud for a solution. Backing up data to cloud storage springs to mind. With a solid backup plan in place, data can easily and quickly be restored, ensuring almost seamless business continuity.
There’s a fairly simple process that must be followed when building a backup plan: people, process and technology. For people, it’s important to consider the impact it will have on staff and how this message is delivered. Are people trained on what to do if an attack occurs? You must have a strategy in place to implement these plans – and this is where technology links everything together. Technology will be the tool to keep staff up-to-date, register the risks and initiate the backup plan.
Backup, backup, backup
Another key tip would be to have multiple backups, especially for the most important data. This can be based on level of importance, so that the most important business data is highly unlikely to be lost. While the cloud is one of the best and most effective ways to back up data, it might also be worth considering backup systems and processes outside of the cloud.
Today, more businesses are requesting strategies for recovery. A disaster recovery plan will ensure business continuity. Backup plans can be more sophisticated than before: rather than backing up everything for everyone, it’s more effective to create a ranked system of importance. While this seems technological, it is not an IT decision; responsibility for risk lies with the heads of the business. The complexities of a disaster recovery plan can take a considerable amount of time. Starting today will save the business tomorrow.