There are some difficult obstacles to overcome in the cyber-security tough-mudder challenge, from ransomware and phishing to insider threats and GDPR, but thorough preparation can boost your chances of success.
Assault courses such as the ‘Tough Mudder’ challenge have exploded in popularity over the last few years. All over the world, participants queue up to pit themselves against a range of tough and gruelling obstacles. The stakes are high. The consequences of failing to complete the course include entry fee forfeiture, wasted time and reputational damage among friends.
Similar obstacle races play out in today's IT departments, set against an unforgiving cyber-security landscape full of increasingly sophisticated threats. The difference is that companies are unwilling participants in these cyber-security challenges, and the financial and reputational consequences of failure are far more severe than someone having a joke at your expense. To survive the cyber-race, organisations need to educate employees about the challenges they face, equip their businesses with the right tools and flawlessly execute a mitigation strategy.
As the expression goes, ‘forewarned is forearmed’, so outlined below are some of the usual suspects among the cybersecurity obstacles companies face, along with tips for conquering them. Follow these and you can feel like your organisation is a cybersecurity ‘Tough Mudder’.
Ransomware is constantly evolving into a more complex, frequent and dangerous obstacle for companies. Last year, large-scale ransomware attacks such as WannaCry and NotPetya caused global chaos amongst businesses. Using the EternalBlue exploit leaked from the NSA, these strains of ransomware can spread like worms, create multiple layers of file encryption and, in the worst cases, even ‘brick’ devices beyond recovery.
Unfortunately, with ransomware on the rise, the prospects for 2018 do not look any brighter. If faced with an attack, companies should not give in to intimidation. Paying a ransom only further incentivises cybercriminals to make bigger threats and financial demands the next time. Instead, to prepare for an attack, companies should implement a top-tier recovery solution that allows end users to restore their machines in minutes if ransomware strikes. Taking this step minimises the amount of data lost in a breach, and ultimately saves businesses time and productivity and reduces their financial risk.
Phishing takes the form of a fraudulent and targeted email pretending to be from a co-worker or reputable organisation, such as a bank. These emails are sent to trick company employees into opening malicious links or sharing sensitive documents.
The higher the profile of the target, the bigger the ‘fish’. Attacks targeting the C-suite are known as ‘whaling’. Infamous whaling examples include Snapchat, Seagate and Austrian aircraft company FACC, which fired its CEO over a phishing attack that cost the company approximately €50 million.
Successful phishing attacks catch people unaware, which is why employees must keep a vigilant eye and always be ready to flag suspicious correspondence. Using ‘shock tactics’ such as conducting dummy attacks can help instill a sense of responsibility for spotting these pernicious incidents across the wider business.
Like phishing attacks, insider threats can be a tough obstacle to spot, and they vary in nature. These incidents range from a malicious employee who deliberately steals or leaks company information to an unwitting victim of a phishing attack. Regardless of motivation, the loss of sensitive company data can damage or even destroy a business.
To protect an organisation from insider threat, IT departments must have visibility over the flow of data through their business and be able to identify unusual patterns of data movement and interaction. They must implement the right data protection and visibility tools to ensure they can examine data archives and trails in the event of a breach, both to identify its scope and remediate the incident.
The General Data Protection Regulation (GDPR) goes into effect in May 2018. It signifies one of the biggest changes in data protection rules in two decades, as it will overhaul how businesses process and handle personal data in the EU. Should organisations fail to adequately safeguard personal data against a breach, or fail to report a breach to the supervisory authority within 72 hours, they will face a fine equivalent to €20m or four percent of an organisation's global annual turnover, whichever is greater.
What does compliance involve? To start, you must have a full-stack security solution in place. The stack should cover all bases, from securing the enterprise perimeter with antivirus and malware protection, to detecting breaches and ensuring endpoint visibility. Deploying a comprehensive stack will send a signal to stakeholders and regulatory bodies alike that your business has made a tangible commitment to data protection.
In addition, as with insider threat protection tactics, you must have a firm understanding of where your company's personal data resides, including where it is created, used and stored. The cyber-challenge is that personal data no longer lives just in your customer relationship management system. It also exists in a more unstructured way on company endpoints, such as laptops. Code42's CTRL-Z study showed that over 60 percent of corporate data is stored on user endpoints. And yet, as companies work to ensure compliance with the new GDPR, they may still be overlooking these vulnerable areas.
An old military adage known as the ‘five P's’ applies to the Tough Mudder challenge and cyber-security challenges in equal measure: ‘Proper preparation prevents poor performance’. Armed with knowledge and the right tools, your organisation can truly become a ‘Tough Mudder’ capable of overcoming every obstacle.