Most of the organizations I speak with are talking about cyber-risk these days, and for good reason. Unfortunately, many of them are doing a lot more talking than actually doing. Some of this is human nature – threats are “somebody else’s” problem until they hit close to home, and it’s no different in cybersecurity. Often, the risk only starts to feel real once it’s too late. What actions can you take to get ahead of the game?
In response, individuals, government, and industry developed protection mechanism to address these attacks using solutions like LifeLock, HIPAA, and anomaly reporting and prevention technologies for credit card authorizations. The current state of the art for cyber theft is “ransomware”. Ransomware is malicious code that blocks or limits access to applications or files until the required sum of money is paid. The password to decrypt the files is then offered for purchase via credit card or bitcoin transaction. WannaCry also demonstrated one of the risks associated with paying the ransom demand as there was no decryption key that allowed for recovery of the encrypted files. For businesses, the higher value of the data and systems within the organization justify spending on additional defenses against malware and ransomware. Next-generation firewall with malware inspection enabled evaluate each downloaded file against a known list of malicious code. In addition to firewalls, more advanced anti-malware solutions and AI driven technologies can further improve the defenses by providing alternative methods for identifying and blocking attacks. One of the most effective approaches available to businesses is to provide training to users on security topics. Developing a comprehensive security plan can help ensure coverage of the current risks as well as helping to minimize the risk to the organization from unknown future attacks.