Protect your systems: Five cyber attack realities to guide you
November 23, 2015 - Kroll Global Fraud Report 2015-2016
You know you’re a target. You’ve been told by many different white papers, handouts and flyers that cyber security must be used to protect your company from attacks.
So, you decide to be proactive in your security approach and make risk-based decisions. And yet, a Google search on the subject will uncover hundreds of checklists, guidelines and products—all of which claim to solve a different security concern or problem. The risks seem endless, and the solutions impossible to wade through. Where do you start?
Start with these five cyber attack realities. Properly understood, they provide a guide to your next step in managing this risk.
The key to success is to balance the impact and cost of security with the actual risk posed.
There is no turnkey cyber security solution
There is no one solution that will protect all of your systems without your spending more time, effort or money. Cyber security is a difficult, time-consuming and ongoing process. The key to success is to balance the impact and cost of security with the actual risk posed. Kroll calls this balancing process “incident risk management.” Start off with an assessment of the risks in your existing systems and focus your security accordingly.
Build a fortress, but secure it from the inside
We often see companies build protection around their systems that are similar to the fortresses built in medieval times. These fortresses often fail because the cyber attacker, when faced with defenses, does not try to break through them; instead, the attacker examines your security to uncover ways to walk right in.
Now, this does not mean you abandon the walls. Rather, the lesson that Kroll has discovered over the years is that you need to use all tools, with the most important, must-have safeguards being:
- Strong external security
- In-place internal monitoring systems
Here at Kroll, we have worked with numerous companies that invested in products to block continuous attacks. What we have noted, however, is an overall lack of investment in internal monitoring of systems, or what we call “end point threat monitoring.”
End point threat monitoring is the use of software to record user activities within a network and flag any suspicious activity that may be indicative of a type of attack.
Failure to have end point threat monitoring in place will expose you to:
- An attack that lasts longer and is harder to catch
- A deep attack that will cost you more lost data
- No early warning signs that could have prevented the attack
- Costly repercussions from the type of attack
- Significant legal and regulatory liability
Data loss is a symptom of a bigger problem you must investigate
The fact that your company has lost data and must notify customers is the symptom of a larger problem, not the disease itself. You need to find the source of the problem. It could be an external hack, employee misconduct or poor internal controls allowing for negligence. Data loss requires a cyber investigation, not just notification. You need an investigation not only to find the source, but also to explain to the regulator how you have fixed the problem.
The attacker often stays in your system after the attack
Always assume that the attacker is still in your system. The goal of online attackers is to stay within a system for as long as they can. If they are driven out, then they are going to try to come right back in, often with user accounts they have set up on the system. Attacked networks need to be monitored until all users and processes are validated. End point threat monitoring is a key part of that solution.
Cyber fatigue is real, but not an excuse for inaction
It’s easy to become fatigued at the thought of cyber security. With so many things to do and to learn, you can lose sight of the benefits. If the process does become too overwhelming, remember this: Each step your company takes to protect itself makes it that much more difficult for attackers. They will move on to an easier target—one without as much security in place. Don’t worry about perfection. Rather, make sure you are hitting the standards, protecting key systems and planning to learn and grow. The more attempts you make at cyber security, the better your chances are to stay protected.
Learn more about fraud statistics and trends in Kroll’s annual Global Fraud Report.