Cyber Resilience: Checklist for Organizations

2024-11-08

Cyberattack. Hackers. Cybersecurity. Long gone are the days when these words conjured up images of anonymous creatures hunched over a keyboard in a dark room with mysterious green and white ciphers running across their black screens. With global digitization came new risks and dangers affecting companies large and small, individuals of all means. As of today, there are over 14 billion accounts and over 800 websites affected by cyberattacks. And those are just the identified ones. As cyber criminals develop new tools and techniques, it is imperative companies do not underestimate the scale of the impact one small vulnerability in their systems can cause. If large financial losses and reputational damage do not sound like a good time, below is a short list of things to consider when thinking about protecting your business.

Data Backup

Although backing up your data may seem quite obvious, it is a very important step in company’s cyber resilience as this will keep you one step ahead of cybercriminals if an attack were to occur. One of the most common attack tools in the bad actors’ arsenal are various strains of ransomware. After getting access to company’s systems (via phishing emails or malicious pop-ups, for instance), ransomware encrypts all the files it can access and deems them unusable. In order to regain access to an   key, the victim is required to pay a ransom demanded by attackers, that can range from a few thousand to millions of dollars. Reportedly, this year, the highest ransomware payment of $75 million went to the Dark Angels gang. The amount has beaten the highest reported ransomware payment of 2023 that came to a £37.8 million. It can get very expensive.

By backing up your data on an external device, another computer or the cloud, the criminals cannot use it for blackmail and extortion. Despite the unpleasant fact of the attack, the company will be able to get back to work quicker and will not need to worry about paying a ransom.

Up-to-date Software

Unfortunately, having a copy of your data is only useful if it has not been stolen prior encryption as this would pose a risk of said data being sold or exposed on the dark web. Therefore, the best method of protecting the company from unwanted guests is to ensure all possible safety measures are implemented. Again, it seems obvious, but it is vital that all software, both and not, is up to date and switched on. Always download the latest versions of software and, where possible, set everything to update automatically to avoid missing anything important. When downloading updates manually, ensure they come from an official source and are compatible with your hardware and operating systems. And always ensure that everything that should be on is on – antivirus, firewalls and VPNs will not save you if they are “tucked away in a drawer” when they should be actively running.

2FA and MFA

Two- or multiple-factor authentication is a great tool that can prevent criminals from being able to access internal systems and data. By requiring multiple forms of identification, the company ensures they know who is accessing protected information. While it may seem frustrating having to take extra steps when accessing your emails, files or VPN services, this can be imperative useless. The dark web provides a great selection of compromised accounts to fit any taste and budget with combolists consisting of emails and passwords being one of the most popular and accessible products of the cybercrime sphere. By requiring and external source of identity authentication, a correct email and password combination will only give a criminal a peace of mind that whoever sold it in the first place did not lie about authenticity. The more internal services require 2FA or MFA, the harder the system as a whole will become to breach.

Staff Training

As staff are usually the centre of operations in a company, it is imperative that enough time and resources is put into improving their knowledge of the cyber risks and how to protect themselves and the company. In the current data-driven age, this knowledge will be useful not only in the workplace but in the everyday life.

One click on a link embedded into a malicious email can cause disruptions affecting whole countries. For instance, one of the biggest known ransomware attacks is believed to be caused by one stolen employee password. Colonial Pipeline, the owner of a pipeline system carrying fuel from Texas to the Southeast in the US, suffered an attack in May 2021 that disrupted operations across the whole country for days resulting in massive financial losses. Not to mention a hefty ransomware payment of $4.4 million in bitcoin, of which only $2.3 million was successfully seized by the U.S. Department of Justice.

Although Colonial Pipeline is not the only example of damage done by one leaked password, it is a great example of the importance of staff training. Educating your employees on how to identify suspicious emails and applications, how to create strong passwords and change them regularly, how to update their software and use new security measures like 2FA ensures they are informed on best practices for cybersecurity.

Filtering

Although this is not a step that can be applied to all businesses, setting up filters on emails and websites that can be accessed from within the company can contain the risk of infection. Bad actors design emails and websites to look like official entities. Email filters scan sender’s identity, keywords, content and attachments to identify validity and potential threats. Blocking certain websites that are known for malicious pop-ups will reduce the risk of an accidental installation of malware. Filtering with addition of educated staff is a good starting point for a safe and secure cyberspace.

Conclusion

Unfortunately, there is no foolproof way to be fully protected from cyberthreats. Therefore, it is important to take all possible measures to minimise the risk and, if an attack were to happen, to be well prepared to deal with it with minimal damage. The above points are a decent starting point, however, it is important to remember that as protective tools expand and develop, so do the tools used by malicious actors. Cybersecurity is not a one-time effort, but an ongoing process of vigilance and adaptation. By making staying on top of latest cybersecurity trends a priority and investing in strong defensive mechanisms, there is a good chance that if a criminal knocks at your glass door, you will detect them quicker and have effective tools and procedures to act accordingly.

 

Reference List:

https://cypfer.com/how-can-i-protect-my-company-from-cyber-attacks/

https://www.ncsc.gov.uk/collection/small-business-guide

https://www.axios.com/2024/08/16/ransomware-payments-price-record

https://www.techtarget.com/searchsecurity/tip/The-biggest-ransomware-attacks-in-history

https://haveibeenpwned.com/

 

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

 

 

 

 

 

 

 

 

 

 

 

Related news

Twitter data breach: exposed the data of 5.4 million accounts | White Blue Ocean
Twitter data breach: exposed the data of 5.4 million accounts
2022-09-15

In late July 2022, Twitter confirmed that it had suffered a data breach, after a threat actor appeared in a popular underground forum selling the data of 5.4 million Twitter users. Read more

Read more
How Bad Actors Begin
2023-08-02

There is a clear path of progression for a bad actor to go from unknown and uninvolved, to standing shoulder to shoulder with the internet's most sophisticated criminals. In this article we attempt to answer the question of how bad actors are made.

Read more
SIAE Data Breach
2021-10-21

News of the latest cyberattack comes from Italy, where on the afternoon of the 20th October it was disclosed that SIAE, the Italian Society of Authors and Publishers, was targeted by a ransomware attack. SIAE, which was founded in 1882, is the Italian copyright collecting agency for artists in different areas of the entertainment industry, including television, music, theatre, visual arts and literature, and aims to guarantee that artists receive the right remuneration for their work.

Read more
Ransomware attack results in the shutdown of the Colonial Pipeline
2021-06-15

The cyberattack that at the beginning of May targeted and caused the shutdown of the Colonial Pipeline, the largest fuel pipeline in the US, was a powerful example of the threat posed by the rising number of ransomware attacks, and the detrimental effect they can have not only on businesses but on national critical infrastructure.

Read more
Why phishing emails contain errors?
2022-05-04

You have probably noticed that all the phishing mails are poorly written and some details may let us think they are somewhat unprofessional. Find out why.

Read more
Learn how to Secure your WiFi Network
You Need to Secure your WiFi Network
2023-04-18

Home networks are an essential part of all our lives, however, a network that is not properly secured can put your personal and financial information at risk, as well as open doors for cyber criminals to access and exploit other devices on your network.

Read more
Top 5 Ransomware Attacks of 2022 | White Blue Ocean
Top 5 Ransomware Attacks of 2022
2023-01-16

Ransomware attacks show no signs of slowing down. Discover 5 of the most severe attacks that occurred in 2022.

Read more
The shift to private clouds: how cybercriminals are changing the monetization of stolen data
2024-11-22

Subscription-based models in cybercrime allow hackers to offer stolen data in private clouds, reducing risks and boosting profits. For victims, this means greater threats as data becomes more accessible and exploitable over time.

Read more
API Vulnerabilities
API Vulnerabilities
2024-02-23

APIs play a key role in our fast-paced digital landscape as they are incredibly useful to facilitate interactions between software communications. At the same time, they harbor many vulnerabilities that can compromise security. This article explores the most common ones and their potential consequences.

Read more
The dangers of VPN credential leaks | White Blue Ocean
The dangers of VPN credential leaks
2022-07-22

The increased reliance on VPNs made the latter an attractive target to cybercriminals. In particular, threat actors began exploiting one of the known weakest links in the chain: users’ passwords.

Read more

Contacts

Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!