In the wake of the devastating WannaCryptor attack that hobbled FedEx, Britain’s National Health Agency and countless other businesses in 74 nations, the business world is once again reminded of the seriousness of cyberattacks. While the threat never subsides, flare-ups inevitably spark our curiosity about whether the right steps are being taken to discourage would-be attackers.
Many businesses look to lawmakers to provide support, so the Trump White House delivered a new executive order May 11th that is being sold as a first step toward a world where we no longer live in fear of these internet pandemics. What does the order say, and how are businesses coping with the harsh reality of constantly looming cyber threats?
No one is safe
Short of a fully cash-based brick-and-mortar operation, it is difficult to think of any business model out there not vulnerable to online attack. You don’t have to be an MBA to recognize that enterprise-level businesses are particularly at risk, given the large quantities of data involved in everyday operations and the numerous web-based technologies on which they rely.
Until someone invents an offensive countermeasure to discourage cybercrime—the digital equivalent of an armed police officer—the best thing businesses can do is build a strong defense. Even government agencies lack confidence in their ability to remain secure, with nearly two-thirds having experienced a confirmed breach at some point in time.
Trump’s new order mandates internal reporting to determine a number of critical government entities’ preparedness to defend against cyberattacks. It reportedly focuses heavily on defense of the US power grid, which has come under criticism as a weak point in the nation's defense strategy.
Battle plans for businesses
The government’s main challenges center on understanding the needs of individual organizations. Independent businesses that don’t enjoy the backing of taxpayer dollars must protect themselves, too. For most, that means placing trust in the rapidly growing network security sector, where rival vendors are racing to beat cyber attackers to the punch.
A typical security complement for an enterprise-level business might involve three, four or five layers of security, including disaster-recovery plans in case a threat compromises important systems.
Advanced firewalls filter out known threats, and application-monitoring components watch for malicious behavior from programs operating at the system level. To maintain a high level of security, vendors distribute updates with information about new threats as frequently as multiple times a day. There are even cloud-based security measures designed to rapidly notify and protect all users as soon as the first instance of a zero-hour attack is recorded.
Even so, it’s common knowledge that most infections spread because of human error, through the use of social engineering techniques that take advantage of people’s naivety to gain access to company systems. As a result, cyberinsurance is a new service that can prove beneficial to businesses.
However, even cyberinsurers seek to limit their exposure due to the potential cost of data breaches. The online world is still so new, and the establishment of standardization in this field has been slow. While cyberinsurance may be worth looking into from a business standpoint, there are also risks and downsides to consider.
New technologies bring new threats
Despite our best efforts, you can’t have advances in network technology without the presumption that they will be exploited and used against businesses.
The current host of spear phishing attacks, botnets and social media-based scams is only the beginning, and problems are going to worsen before they improve. Many businesses now allow employees to bring their own devices to work, a policy that can have disastrous results if it’s not executed with care.
Two examples of new systems that will inevitably be leveraged by cyber criminals are the Internet of Things (IoT) and self-driving cars. Cyber security experts acknowledge the need for extensive security around both technologies.
With IoT devices quickly making their way into the workplace—the so-called fourth industrial revolution—keeping cyberattacks out has a direct correlation with workplace safety. In the case of self-driving cars, the safety concern expands outside the workplace, but to say it’s not a matter of time until these systems are exploited would be to fool yourself.
Education is key to security
Until we can shift the tide of cybercrime by finding better ways to respond quickly when cyber attackers strike, each new day brings with it the prospect of crippling attacks. Business owners must prepare their technology and their workforce to defend against such threats.
Many businesses are implementing mandatory cyber-security training programs for employees. As part of their training, employees learn how to recognize suspicious behavior on their machines, practice safe browsing habits, and learn why it’s crucial to protect business machines from unsecured personal devices.
No amount of technology can replace human intelligence. People are the strongest—and weakest—element in a business’ security strategy, so take the proper steps when the stakes are high!