
The Positive Side of Proactive Cyber Defense

Each month, when you read our “Tales from the Dark Web,” you are greeted with stories of companies infiltrated by hackers whose systems have been compromised, assets misappropriated, and data irreparably damaged. But for every “doom and gloom” story we can tell, there are instances where another organization’s proactive use of controls and technology has thwarted a cyberattack. Organizations that take a proactive approach to dealing with cyber risk find themselves in a much stronger position than those that don’t. In fact, in their 2020 Cost of a Data Breach Report, IBM Security reported that being prepared for an incident saved organizations over 37% on costs, compared to those that were not.

As our ethical hackers will say, hackers are inherently lazy. Their time is worth too much to spend a lot of it on any one attack. If their attempts are not successful within a reasonable amount of time, or are met with resistance from the get-go, they will quickly move on to the next target. A prepared company has taken a stance to not be an easy target.

What does preparedness involve? Here are just a few key elements to consider when proactively preparing for a cyber incident:

  • Understand your risk – You can’t protect your data if you don’t know what valuable data you have and where it is stored. You can’t protect against risks if you don’t know the risks that impact your industry, business, and clients. A high-level risk assessment is a low-cost, high-impact method to obtain this key knowledge.
  • Have an incident response plan in place – It’s a matter of when, not if, your company will be attacked. Having an incident response plan outlined, so everyone knows their roles and who to call when an incident is identified, is key. Timing is everything in a cyberattack and taking the right first step could make the difference between saving your network and data and having to start from scratch.
  • Invest in tools to protect your environment – No company has enough sets of eyes to monitor each employee’s activities and every event log from each system on a real-time basis. Tools such as Security Information and Event Management (SIEM) systems and Data Loss Prevention (DLP) tools, among others, can be the difference between detecting an attack and missing clear and present signs of an attack to come.
  • Train your employees – With over 90% of breaches stemming from a phishing attack, making sure your employees can detect a phishing attempt and avoid falling victim to a phishing attack is a must.

How do such activities make a difference? Here are a few recent examples:

  • A client who recently contracted with a third-party SIEM provider was alerted to an after-hours attack from an offshore IP address simultaneously trying to gain access to the network through an executive’s account and the firewall. The managing SIEM provider disabled the executive’s account access and contacted IT, who was able to block the originating source of the attack and reinforce the executive’s account credentials before any damage was done.
  • A company accountant received an urgent email from the vacationing CEO, requesting a wire be sent to a vendor to secure a contract. Wire information and approval were provided, but something about the wire request didn’t seem right, especially since recent cyber training specifically addressed this type of scam. The accountant hesitantly contacted the CEO on vacation to learn that he, in fact, did not make the request.

The success stories go on and on, but for every one, there is a story that went the other way and resulted in a cyber incident. We don’t have to wait for trauma to react. Ask yourself, “Have I done everything I can to protect my company’s network, hardware and data?” or “Am I confident my internal resources would know how to respond to an attack to both preserve key evidence and get the attack under control?” If the answer is NO, now is the time to prepare.

For assistance in beginning down the path to proactive cyber defense, contact Michael Camacho or Kevin Ricci for more information.
