Garmin and Twitter recently joined the ranks of a string of global organisations that have fallen victim to crippling cyberattacks.
By Byron Gibson, product manager at Seacom
A little closer to home, last year, the City of Johannesburg’s network was also hacked and held to ransom for a hefty 4 bitcoins (worth around R520 000 at the time).
While the nature of these attacks may be different, it’s clear that cybercrime is on the rise and companies of all sizes and across all sectors need to be vigilant.
An ideal environment for cybercrime
It’s no surprise that these attacks are becoming more common in today’s increasingly connected society. The rise of online applications and services means unprotected users are more exposed than ever before.
Added to this, the current pandemic has pushed many organisations to implement remote work policies to ensure business continuity.
As a result, the corporate network perimeter has been extended beyond the physical bounds of a business and into the homes of all employees, which further complicates the process of securing these endpoints and, consequently, the corporate network itself.
The far-reaching impact of a breach
By compromising company networks and causing downtime and service disruption, these attacks can end up costing businesses millions of rands in financial damages.
In a 2020 survey of 200 South African companies conducted by Vanson Bourne, the average cost of remediating a cyber-attack was found to be R3 730 000.
However, the negative effects don’t end there; if threat actors manage to encrypt customer data or company billing information, this deals another crippling blow to an organisation’s ability to operate.
While difficult to quantify, the reputational damage caused by these attacks can ultimately lead to a reduction in sales as customers’ faith in the organisation’s ability to secure itself wanes.
Effectively defending against cyber threats
Threat actors employ a variety of attack vectors in order to compromise your network. As such, it is important that organisations implement layered security policies and systems that decrease the attack surface and defend against multiple attack vectors.
You can improve your organisation’s security posture by implementing the following best practice measures:
* Ensure you have the best protection, including a high-performance next-gen firewall with IPS, TLS Inspection, sandboxing, and machine learning ransomware protection.
* Lock down RDP and other services with your firewall. Use your firewall to restrict access to VPN users and whitelist sanctioned IP addresses.
* Reduce the attack surface area as much as possible by thoroughly reviewing all port-forwarding rules to eliminate any non-essential open ports. Every open port represents a potential opening in your network.
* When an infection hits, it’s important that your security solution is able to quickly identify compromised systems and isolate them until they can be cleaned up.
* Even the most comprehensive security solutions have the potential to be compromised. Implementing an offsite backup solution and disaster recovery measures will ensure that your business is able to recover as quickly as possible from any data corruption or loss that might occur.
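The RDP lockdown and port-forwarding review from the list above, as an added example (not part of the original article or any vendor's tooling): a Python audit over a constructed rule export. The rule format, field names, VPN pool, allowlist and essential-port list are assumptions for illustration.

```python
import ipaddress

# Assumption: remote-administration services that should only be reachable via VPN.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}
# Assumption: ports the business has deliberately chosen to publish.
ESSENTIAL_PORTS = {443}
# Assumption: address pool handed out to VPN users.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
# Assumption: sanctioned external addresses (documentation range, constructed).
ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]

# Constructed sample export of port-forwarding rules (hypothetical format).
RULES = [
    {"name": "web", "port": 443, "source": "0.0.0.0/0"},
    {"name": "rdp-finance", "port": 3389, "source": "0.0.0.0/0"},
    {"name": "rdp-vpn", "port": 3389, "source": "10.8.0.0/24"},
    {"name": "ssh-partner", "port": 22, "source": "203.0.113.10/32"},
    {"name": "old-camera", "port": 8081, "source": "0.0.0.0/0"},
    {"name": "rdp-wide", "port": 3389, "source": "203.0.113.0/24"},
]

def source_is_sanctioned(source):
    """True only if the rule's source range lies fully inside the VPN pool
    or an allowlisted network; a wider range is treated as unsanctioned."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.subnet_of(ok) for ok in [VPN_POOL, *ALLOWLIST])

def audit(rules):
    """Return (rule name, severity, message) for each rule needing attention."""
    findings = []
    for rule in rules:
        name, port, source = rule["name"], rule["port"], rule["source"]
        if port in ADMIN_PORTS:
            if not source_is_sanctioned(source):
                findings.append((name, "HIGH",
                    f"{ADMIN_PORTS[port]} reachable from {source}; "
                    "restrict to VPN users or allowlisted IPs"))
        elif port not in ESSENTIAL_PORTS:
            findings.append((name, "REVIEW",
                f"port {port} is not on the essential list; "
                "remove the forward if it is no longer needed"))
    return findings

if __name__ == "__main__":
    for name, severity, message in audit(RULES):
        print(f"[{severity}] {name}: {message}")
```

Note that `rdp-wide` is flagged even though it contains an allowlisted address: the rule admits a whole /24 where only one host was sanctioned.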
What to look for in a cloud service partner and security system
A provider that takes your data security seriously needs to have partnered with industry-leading technology vendors to ensure customers are well protected against a wide variety of threats.
Your cloud service partner should be able to recommend a firewall that includes intrusion prevention systems that identify the latest network exploits that threat actors are using.
Some tech uses machine learning to analyse files entering the network to help ensure that even previously unseen ransomware variants, exploits, and malware don’t spread via spam, phishing, or web downloads.
Ensuring the safety of the network, while staff continue to perform their functions remotely, is currently top of mind for many IT managers. Thankfully, simple VPN options enable you to close all the holes in your network and remove your reliance on vulnerable RDP connections, while still providing full access to your network for authorised users.
Automation can go a long way to bolstering security. Can your software detect a ransomware attack in progress, stop it, and roll it back automatically or catch ransomware before it gets onto your network? If not, you should ask your cloud provider about better alternatives.
Attacks are becoming more co-ordinated than ever, so having a co-ordinated defence system is key to ensuring your business’s ability to seamlessly deal with these attacks. You need an integrated system that can automatically respond to attacks by detecting the first signs of compromise, automatically isolating and remediating infected endpoints, and then notifying you.
As a business owner or IT manager, being aware that your network no longer ends where it previously did is the first step in improving your organisation’s cybersecurity strategy.
Protecting every part of your system, up to the new endpoints in your employees’ homes, educating employees on cybercrime, and implementing a comprehensive security solution can be an extremely daunting prospect for many businesses.
Partnering with a provider with the skills and expertise to understand all aspects of cybersecurity is critical in ensuring the safety of your network and data in this ever-evolving threat landscape.