5 Biggest Cybersecurity Mistakes and How to Avoid Them
Updated: Feb 9, 2022
Definition of cybersecurity
: the illusion of preventing human mistakes by technical means
Examples of cybersecurity in a Sentence
User1: "Hey Bob, the Cybersecurity department said we need to change our passwords today. I have run out of names to use."
User2: "Damn. I still have one left. Hang on, let me write it down on this Post-it just in case."
Urban Dictionary. Cybersecurity. In UrbanDictionary.com dictionary. Retrieved January 14, 2022, from https://www.urbandictionary.com/define.php?term=Cybersecurity
Like Bob and his counterpart above, we’ve all been reminded that it’s time to change our password, but password rotation is a tiny piece of a comprehensive cybersecurity plan. In today’s business environment, cybersecurity requires a structured plan that is deployed and supported at all levels of an organization to close gaps, so that a situation like Bob’s doesn’t end with your organization becoming a victim.
Although there is no one-size-fits-all plan that addresses your business’s unique requirements, there are standard principles that every organization should follow to maintain a solid security posture.
We’ve outlined 5 of the most common mistakes your company may be making as you attempt to defend your business, along with recommendations to help you fix them.
Mistake 1 - Why would they target us?
We’ve all heard of security breaches resulting in the loss of PII (Personally Identifiable Information), credit card numbers, or Social Insurance Numbers from more companies than we can recall. When researching examples for this post I found the following:
Ukraine Reports Massive Cyber Attack on Government Websites (Security Week)
Hot wallet hack: Hackers steal $18.7m from Animoca’s Lympo NFT platform (HackRead)
School’s out as cyberattack forces Albuquerque Public Schools to cancel classes (Albuquerque Journal)
Maryland confirms Ransomware Attack at Health Agency (Security Week)
600K Credit Reports, Financial Data, and Collections Records Exposed Online (Website Planet)
FIFA Ultimate Team Account Takeovers Plague EA Gamers (ThreatPost)
Unfortunately, these examples were all reported within a single 2-day period! These stories made headlines because of the loss of personal information and the disruption to critical services such as schools, health services, government services and jails.
With headlines like these focused on public entities, it’s easy to believe that your company isn’t a target. In reality, every organization in every industry is targeted by campaigns to gain access to systems and data. Every organization holds information of value to an attacker and needs to take the right steps to protect it.
Being a target isn’t just about protecting your information; it’s also critical to ensure that your infrastructure isn’t damaged. Being unable to communicate with your clients, to pay your staff, or to work at all is extremely costly to any organization in financial, operational, and reputational terms.
Our Recommendation: This risk has to be taken seriously and treated as a priority. Conduct regular assessments of your people, processes, and technology, and test the vulnerabilities those assessments identify.
Mistake 2 – We have free antivirus, we’re good!
In today’s security landscape, deploying free antivirus simply isn’t enough to prevent advanced attacks. By using free antivirus, your company is relying on software that generally has lower detection rates and lacks the central management, policy, and reporting capabilities of a business product.
You've most likely heard the expression "If you're not paying for it, you become the product." Free software may be collecting your data without your awareness and sharing it with others to monetize the product. In the worst case, you are now relying on that vendor's own cybersecurity plan to protect your information, and a design flaw in their systems or processes can result in a breach of your data, as in "Did AVG leave your personal data exposed?" (CNet).
Relying solely on antivirus software to protect your data also depends on vendors who cannot update their tools as fast as attackers change theirs. Antivirus products do have heuristic capabilities, but it's not uncommon for detection updates to be released reactively, after a new piece of malware is already spreading.
Finally, attacks today increasingly don’t rely solely on malware to gain access to an organization; they leverage social engineering, phishing and other non-technical paths to gain entry, which antivirus alone will not stop.
Our Recommendation: Continue to use antivirus, but ensure it is a reliable product that provides centralized management, policy capabilities, and reporting and alerting for your IT team. It must be continuously updated and form part of an overall layered security approach. Organizations need to deploy multi-layered security that covers users, perimeter, network, endpoints, applications, data, and mission-critical assets. No individual layer is likely to provide adequate protection on its own, but security built into each layer means an attacker who gets past one still has to defeat the next, which reduces the likelihood of a breach.
Mistake 3 – It's going to take how long to get back up and running?
Your IT team or provider has worked with you to name your critical line-of-business applications, critical data and critical users, and to define recovery time objectives (RTOs), right? You review your incident response plan annually, ensure that application owners are assigned, and have a thorough disaster recovery plan to follow in the event calamity strikes?
After a breach it's common to focus on getting back up and running. That is obviously important, but starting restoration before you have identified how the breach occurred is putting the cart before the horse. If the weakness that led to the breach hasn't been fixed, the attacker can use the same hole to compromise you again, and you will be performing the same restore a second time.
With the average cyber-attack recovery taking 22 days (Statista), it's essential to follow your incident response plan and systematically resolve the issue that led to the breach. Only after those issues are resolved should recovery efforts begin. This can be the hardest part for an organization that never built backup infrastructure capable of recovering essential data and systems quickly enough to return to regular business.
Recovery Time Objectives guide the recovery, and meeting them depends on the backup infrastructure you have implemented. Having all of your data backed up to the cloud is good in principle, but if your internet link means a full restore takes 3-4 weeks or longer, that can be a deal breaker for an organization. The worst time to find out that recovery will take weeks is when you need it most, so measure your restore times before you need them.
Our Recommendation: Two critical components needed to support an organization in case of a breach are an incident response plan and confirmed capabilities of the backup infrastructure. Defining which applications, data and staff are essential, and how long each can be offline, ensures that the backup system is designed to minimize disruption. Developing an incident response plan, then testing and updating it, guides the organization through finding, containing, eradicating, and recovering from a breach.
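The restore-time check described above, as an added example that is not part of the original post: it takes a list of critical applications with their backup sizes and RTOs, restores them in priority order over a single internet link, and flags every application whose restore finishes after its RTO. The application names, sizes, RTOs, link speed and the 80% sustained-throughput assumption are all constructed for illustration; swap in your own numbers from the backup console.

```python
"""Added example (not from the original post): does our cloud restore meet each
application's recovery time objective (RTO) over the link we actually have?
All names, sizes, RTOs and the link speed below are constructed assumptions."""
from dataclasses import dataclass


@dataclass
class App:
    name: str
    backup_gib: float   # data that must be pulled back from the cloud backup
    rto_hours: float    # maximum tolerable time offline, agreed with the owner
    priority: int       # restore order: 1 restores first


# Constructed sample inventory (assumption, not real data).
SAMPLE_APPS = [
    App("payroll", backup_gib=50, rto_hours=24, priority=1),
    App("email", backup_gib=400, rto_hours=48, priority=2),
    App("file-server", backup_gib=2000, rto_hours=72, priority=3),
]


def restore_hours(size_gib: float, link_mbps: float, efficiency: float = 0.8) -> float:
    """Hours to pull size_gib over a link_mbps line.

    `efficiency` models that a link rarely sustains its nominal rate
    (protocol overhead, shared use); 0.8 is an assumption, measure your own.
    """
    bits = size_gib * 1024 ** 3 * 8
    return bits / (link_mbps * 1e6 * efficiency) / 3600


def restore_plan(apps, link_mbps: float, efficiency: float = 0.8):
    """Restore apps one after another in priority order over one link.

    Returns (name, finish_hours, meets_rto) per app. The finish time is
    cumulative, which is the point: a low-priority app that would fit its
    RTO on its own can still miss it because everything ahead of it in the
    queue is using the same link.
    """
    elapsed = 0.0
    plan = []
    for app in sorted(apps, key=lambda a: a.priority):
        elapsed += restore_hours(app.backup_gib, link_mbps, efficiency)
        plan.append((app.name, round(elapsed, 1), elapsed <= app.rto_hours))
    return plan


def apps_missing_rto(apps, link_mbps: float, efficiency: float = 0.8):
    """Names of the apps whose sequential restore finishes after their RTO."""
    return [name for name, _, ok in restore_plan(apps, link_mbps, efficiency) if not ok]


if __name__ == "__main__":
    for link in (100, 1000):
        print(f"link {link} Mbps:")
        for name, finish, ok in restore_plan(SAMPLE_APPS, link):
            print(f"  {name:<12} done at {finish:6.1f} h  {'OK' if ok else 'MISSES RTO'}")
```

On the constructed 100 Mbps link the file server alone would restore in under 60 hours, inside its 72-hour RTO, yet it finishes at about 73 hours because payroll and email are queued ahead of it; on a 1 Gbps link everything completes within a working day. Run the check with the link you will actually have during an incident, not the one in the data centre.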
Mistake 4 – You said you were watching this stuff!
Endpoint security is only as good as the monitoring behind it. Deploying security software without watching the alerts it raises, or without ensuring that it is updated constantly, leaves security holes that are costly to resolve after the fact. Attackers routinely scan for recently disclosed vulnerabilities to gain access to an organization’s network, so it’s important to monitor the perimeter as well as abnormal activity within the network. In the typical security stance, organizations focus on the perimeter and rely on that single layer; expanding monitoring to all internal systems, not just the firewall and remote access, gives you a far better chance of detecting a threat that has already made it inside.
Our Recommendation: Deploy technology such as XDR (Extended Detection and Response) that continuously watches endpoints. This visibility is critical to proactively detect threats. Looking for abnormal activity throughout your network (unexpected logins, unusual connections between internal hosts, new processes on servers) can reveal that an attack is underway. If you find it quickly you can isolate the affected systems and reduce the impact to your organization.
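Two of the internal-network detections the section argues for, as an added example that is not from the original post or any XDR vendor: a burst of failed logins followed by a success from the same source (a brute-force or credential-stuffing attempt that worked), and one account authenticating to an unusual number of distinct internal hosts in a short window (a lateral-movement pattern). The syslog-like line format, host names, users, addresses and thresholds are all constructed assumptions; real products parse vendor-specific events, but the logic is the same.

```python
"""Added example (not from the original post): two simple detections run over
constructed authentication log lines. The log format, hosts, users, source
addresses and thresholds are assumptions made for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed format:
# "<ISO timestamp> <host> auth: <user> <SUCCESS|FAILURE> from <src_ip>"
SAMPLE_LOG = """\
2022-02-09T08:00:01 fs01 auth: alice FAILURE from 10.0.5.23
2022-02-09T08:00:03 fs01 auth: alice FAILURE from 10.0.5.23
2022-02-09T08:00:05 fs01 auth: alice FAILURE from 10.0.5.23
2022-02-09T08:00:07 fs01 auth: alice FAILURE from 10.0.5.23
2022-02-09T08:00:09 fs01 auth: alice FAILURE from 10.0.5.23
2022-02-09T08:00:12 fs01 auth: alice SUCCESS from 10.0.5.23
2022-02-09T08:01:00 hr01 auth: alice SUCCESS from 10.0.5.23
2022-02-09T08:01:30 db01 auth: alice SUCCESS from 10.0.5.23
2022-02-09T08:02:10 app01 auth: alice SUCCESS from 10.0.5.23
2022-02-09T08:02:45 mail01 auth: alice SUCCESS from 10.0.5.23
2022-02-09T09:15:00 fs01 auth: bob FAILURE from 10.0.7.4
2022-02-09T09:15:20 fs01 auth: bob SUCCESS from 10.0.7.4
"""

LINE_RE = re.compile(r"^(\S+) (\S+) auth: (\S+) (SUCCESS|FAILURE) from (\S+)$")


def parse(log_text: str):
    """Turn log lines into event dicts; lines that don't fit the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, user, outcome, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "ok": outcome == "SUCCESS", "src": src})
    return events


def detect_bruteforce(events, min_failures=5, window=timedelta(minutes=5)):
    """Alert when a (source, user) pair succeeds after >= min_failures failures within `window`.

    Failures alone are noisy (typos, expired passwords); the success after
    the burst is what turns a nuisance into an intrusion worth isolating.
    """
    alerts = []
    recent_failures = defaultdict(list)  # (src, user) -> failure timestamps
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["src"], e["user"])
        if not e["ok"]:
            recent_failures[key].append(e["ts"])
            continue
        fails = [t for t in recent_failures[key] if e["ts"] - t <= window]
        if len(fails) >= min_failures:
            alerts.append({"rule": "bruteforce_success", "user": e["user"],
                           "src": e["src"], "host": e["host"], "failures": len(fails)})
        recent_failures[key] = []  # a success resets the counter for that pair
    return alerts


def detect_lateral_movement(events, max_hosts=3, window=timedelta(minutes=10)):
    """Alert when one account logs in to more than max_hosts distinct hosts within `window`.

    The perimeter firewall never sees this: every hop is internal traffic.
    """
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        if e["ok"]:
            by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, e in enumerate(evs):          # sliding window over successes
            while e["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {x["host"] for x in evs[start:end + 1]}
            if len(hosts) > max_hosts:
                alerts.append({"rule": "lateral_movement", "user": user, "hosts": sorted(hosts)})
                break  # one alert per user is enough to trigger investigation
    return alerts


def run_detections(log_text: str):
    events = parse(log_text)
    return detect_bruteforce(events) + detect_lateral_movement(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

On the constructed log, alice's five failures followed by a success from 10.0.5.23 fire the brute-force rule, and her subsequent logins to four different servers within three minutes fire the lateral-movement rule, while bob's single typo does not. Thresholds and windows are tuning knobs; set them from a baseline of your own environment, and route the alerts to someone who will actually act on them, which is the whole point of the mistake above.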
Mistake 5 – Who’s responsible for our security again?
Security is not any one person’s “problem”. Technology is certainly part of the solution, but a comprehensive solution requires support from all members of the organization and factors in policies, processes and strategy.
In the “FIFA Ultimate Team Account Takeovers Plague EA Gamers (ThreatPost)” article above, the investigation found that “Utilizing threats and other ‘social engineering’ methods, individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to player accounts.”
In this example the organization has implemented added training for the individuals who support user accounts, specifically focused on security practices and phishing techniques. Additionally, its processes have been expanded to require secondary approval for all email change requests.
Organizations need to focus on protecting their clients’ personally identifiable information, but also need to guard their trade secrets, research and development, and intellectual property. Attacks have financial, operational and reputational impacts, and it is up to everyone to protect against them.
Our Recommendation: Cybersecurity risks need to be managed at the highest levels of an organization. Senior leaders don’t need to be educated in the subtleties of cybersecurity, but it is essential that they understand the dangers the business may face and assign resources to create, maintain and test a comprehensive plan. Investing those resources in preparing, educating and testing trains the entire organization to recognize and avoid attacks.
A comprehensive cybersecurity plan sets up the processes, technology and training needed to prevent the security breaches that could follow if Bob and his counterpart do write their passwords on those Post-it notes. A multi-layered approach to security gives an organization the best chance of stopping an attack before it becomes a breach. Continuous testing, identification and resolution of weaknesses is necessary to protect organizations from attackers who are constantly trying to gain access to your business.