How to Combat Cyberattacks

There are several ways to help prevent cyberattacks not only individually but also as a company.  The most important thing to keep in mind is that a lot of cyber-attacks can start small.  As an individual, making sure to not open any email from someone you don’t recognize, if you see a USB you don’t recognize left on your desk, don’t just assume it is from someone you know and trust, find out who it belongs to, do not ever give personal information or someone else’s information over the phone to someone you don’t know and always report and do not open anything sent to you that seems suspicious.  When your company has a cybersecurity meeting, pay attention, do not assume it is someone else’s job or that the information does not pertain to you.  As a company, making sure you inform your employees what to look out for is important.  When you hire someone new, making sure the onboarding process includes cybersecurity protocols for your business and having various reviews throughout the year is a good way to make sure everyone is on the same page.

Other effective ways to prevent cyberattacks is to ensure that your operating systems and networks are updated with the latest software patches.  Either your phone or computer, update your operating system and drivers regularly or have it set to auto update so that any new vulnerabilities are patched right away.  Your network connects your devices to the internet, routers and firewalls should have the latest firmwares installed.  Invest in a good anti-malware software and routinely update it to avoid exploits and vulnerabilities.

The Financial Industry Regulatory Authority (FINRA) and the U.S.  Securities and Exchange Commission (SEC) conduct an annual conference to discuss the examinations they have performed during the year.  Because of the significant threat that cyber-attacks pose they had a few suggestions that bear repeating.  They stressed education.  Not only for board members or management but for all employees as well.  Lack of information and knowledge leaves more room for criminals to gain access.  Often times there are policies in place, but people do not understand them or know how to implement them.  In this vein, policies regarding access to company information when an employee has left or when you stop using a company that you outsourced to are being overlooked as well, taking the steps to safeguarding your company and the information you are in charge of is not only important at the start, but also at the completion.

Risk assessment it very key as well.  “Risk assessment should be an ongoing process as opposed to a single point in time.  Firms should gather and evaluate indicators of potential risks on a monthly, quarterly and annual basis” (Belbey, 2017).  Being aware of what is going on in your industry as well as other companies is important too, keeping an open line of communication and working together helps to keep everyone informed.  Doing your due diligence is always of utmost importance.  Checking and double checking with whom you are conducting business before they have access to critical information is of the utmost importance.

Another challenge is that we now have all our information on our phones and in the cloud.  These two areas are difficult to protect as shown in the graph below provided by the Cisco 2018 Cybersecurity Report.  Ensure that your login account password pass the complex password test with a minimum of 8 characters includes: lowercase and uppercase alphabetic characters, numbers and symbols.

Also, we need to invest in skilled cybersecurity experts.  While lack of budget is often cited as reason for not having more up to date cyber security, the need is increasing and more professionals in this area are needed.  Spending a little extra in this particular area, could save you in the long run by preserving your reputation as a firm, protecting important information and saving you from monetary theft.  The first graph shows the constraints security professional face when managing security and the second shows that there are more companies hiring cybersecurity professional to help combat the rising cyberattacks.  As you can see the need is great and we are making progress.  However, we have to increase our hiring in this area to meet existing needs and for what the future is sure to bring.

Finally, but most importantly is backup, backup and backup.  The best defense against all threats is to make sure your backup is working properly.  That means backing up your important files and system information daily and testing the backup to ensure data were successfully backed up.

Conclusion

The one thing that everyone seems to agree on is that with the constant growth in technology and the persistence of the criminal element to gain access, we are behind.  We need to step it up and start educating ourselves so that we are better equipped in dealing with the changes to come.  We need to hire experts to aid us in building the best infrastructure we can, maintain it and optimize our security measures.  Implementing rules and regulations, policies and procedures maintaining a strict adherence to them will be imperative.  As demonstrated in this paper our world is rapidly changing in many ways.  We are able to easily connect with countries all over the world with the push of a button.  We are conducting business at levels we haven’t ever seen before and with that there is a price.  The need to protect our personal information, companies, business, markets, currency and future dealings with other countries has never been more vital.  “Whereas many years ago the primary threat was posed by criminals hoping to steal things like credit card information, the ecosystem has now evolved, with the biggest threats often posed by hostile nation states – the four most common being Russia, Iran, China and North Korea, Gerstell said.  All told there are now 30-some countries capable of inflicting cyber damage” (govtech, 2018).  Cyber-attacks come from seen and unseen threats making it more difficult to combat.  Open global lines of communication and awareness will be important to keep us all informed and prepare us for what’s to come.  Hopefully, we all be able to work together to maintain stability and security.

References.

“GCC Cyber Security Market 2016-2022 – Focus on Solutions, Services & Applications – Research and Markets.” Business Wire, Feb 04 2016, ProQuest.  Web.  7 June 2018.

Palo Alto.  What is Cybersecurity? retrieved from https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security

Cisco.  What is Cybersecurity? retrieved from https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html

Pham, Sherisse.  (2017) What is ransomware CNN Tech What is Malware? retrieved from http://money.cnn.com/2017/05/15/technology/ransomware-wannacry-explainer/index.html

Lemonnier, Jonathan (2015) How Malware Works & How to Remove it retrieved from https://www.avg.com/en/signal/what-is-malware

Singer, P.W.  & Friedman, Allan.  (2014).  Cybersecurity and Cyberwar: What everyone Needs to Know.  Oxford University Press

Tech Target.  Social Engineering retrieved from https://searchsecurity.techtarget.com/definition/social-engineering

Turac, Natasha.  (2018).  US will impose costs on Russia for cyber aggression.  CNBC retrieved from https://www.cnbc.com/2018/02/16/us-will-impose-costs-on-russia-for-cyber-aggression-says-cybersecurity-czar.html

SCMP.  (2018).  Cybersecurity law causing ‘mass concerns’ among foreign firms in China retrieved from http://www.scmp.com/news/china/economy/article/2135338/cybersecurity-law-causing-mass-concerns-among-foreign-firms-china

Symantec.  (2018).  Malware- What is a botnet? Norton.  retrieved from https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html

Belbey, Joanna.  (2017).  How To Avoid Cyber Attacks: 5 Best Practices From SEC And FINRA, Forbes.  retrieved from //wwwhttps.forbes.com/sites/joannabelbey/2017/06/30/how-to-avoid-cyberattacks-5-best-practices-from-sec-and-finra/#295d4311a16d

Department of Homeland Security.  (May, 2018).  retrieved from https://www.dhs.gov/topic/cybersecurity

Cisco 2018 Annual Cyber Security Report retrieved from https://www.cisco.com/c/en/us/products/security/security-reports.html

Rooney, Kate.  (June, 2018).  $1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do, CNBC retrieved from https://www.cnbc.com/2018/06/07/1-point-1b-in-cryptocurrency-was-stolen-this-year-and-it-was-easy-to-do.html