IntaForensics is internationally recognised for resolving high-profile, complex security breaches, but the reality is that most of their work stems from easily preventable attacks. Indeed, around 85% of cyber-attacks that the IntaForensics team investigate could be prevented by the implementation of basic security practices.
We spoke with IntaForensics’ Director Damian Walton to find out how many attacks could be prevented by taking simple preventative measures, and how your staff should be regarded as your strongest line of defence.
“It’s amazing how so many articles you read preach that your employees are one of your biggest security vulnerabilities and go no further”, Damian said.
“Yes, the human element is often the underlying cause of a cyber incident, but why not turn this around and focus on the positive impact that security-aware employees can have on an organisation? Invest time and resources to inform and educate your teams and make this a regular requirement.”
It comes as no surprise that cyber attacks can be eye-wateringly costly and potentially ruinous events for business owners. The average cost of cyber security breaches in the last 12 months was £2,670 across all businesses of any size, according to Statista. However, this figure increases as the size of a business increases.
Damian aptly pointed out that “traditionally, larger companies tend to have a budget for cyber security, and a vast number of companies will also have in-house teams to manage their cyber security. Comparatively, SME-size organisations do not have this luxury. They can often be a target because the criminal fraternity know they won’t have the same resources in terms of finance and staffing for protecting themselves.”
Cyber security is fundamental housekeeping for enterprises of all sizes, but particularly so for SME-size organisations where IntaForensics do the majority of their dealings. While keeping your organisation cyber-secure may sound costly, your team can be your strongest ally. Keeping them in-the-know, aware and responsive can save you and your company thousands of pounds, ensuring that your data is safe and your customers are happy.
This is particularly important in the digital age where attackers have a large range of tools at their disposal, which would allow hackers to get around a business’s digital defences. One in every 3,722 emails in the UK is a phishing attempt, which is twenty per cent higher than the global average, according to Databasix.
Email and webpage security awareness is a basic component of in-house company training, and with proper and complete guidance there is a window of opportunity to eradicate a large chunk of security breaches. Damian argues that there are several benefits of having a live or interactive element to company training, which should be enforced little and often.
“Commercial cyber business can often be severely impacted by an attack that could have been prevented by some training. Break it up and give it a bit of variety, so it’s not just ‘don’t do this, don’t do that’. We can see where other people have made mistakes and quite rightly, we would say don’t follow that path of thinking, let’s put something else in place. But little and often, just so that element of security is always in the back of your staff’s minds.”
Together with Damian, we have compiled a list of tips for keeping your staff informed and proactive when it comes to cyber security. Taking the following simple steps can help keep your systems and data secure, thus closing the door on cyber-attacks.
Top Ten Tips for your Team:
Create, implement and enforce a strong password policy
This is fundamentally important. Not only that, but making sure that it’s enforced. From our own experience of conducting investigations, so many attacks could be prevented if the company had implemented a robust password policy. It does feel sometimes like it’s Groundhog Day, going over the same thing again in terms of complexity, not repeating the same password on multiple sites, not using personal information that can be identified from other sources etc. If you’ve got one password for one site and you repeat it for others, it is just like having the same key for every lock in your house, car and office. Effectively, you’re giving the one key away to everything you own.
Use two-factor or multifactor authentication wherever possible
Two-factor or multifactor authentication provides the security of having added layers. It’s then not just the case of having a password that could be cracked and used for access. It could be biometric – facial or finger/thumbprint recognition. It could also be a token that generates a secure number that you have to input, just to confirm that you are the person that has the password. Again, it adds a degree of complexity and considering the trade-off between complexity and security in that instance, multi-factor authentication should be used as much as possible.
Always use anti-malware applications and keep them updated
Real basics. Anti-malware applications really form the principles of Cyber Essentials. The attacks are coming in in their millions and you do need to have a defence. It is absolutely no use going to the extent of paying for some form of anti-malware product, installing it and then thinking that it will just look after itself. So when you install anything, make sure it’s configured correctly and updates automatically, and make sure it’s doing what it says it’s doing. A lot of the time these are fairly basic configurations, e.g. ‘tick a box’ to say please update constantly, and then in the background it will identify new types of attacks and defend against those for you accordingly.
Always keep your systems and applications updated and patched
There’s an analogy I like to use of whack-a-mole. Think of the game where you’re banging the mole on the head. Yes, there will be vulnerabilities identified because there’s the cyber criminal out there focusing on identifying holes in the system. So they will identify a hole in the system and then the manufacturers or big providers will create a patch: literally there’s a hole and the provider patches it up. If you don’t install it, the attackers/hackers will identify systems that have got that vulnerability and there’s a hole for them to walk into and exploit. You may patch that one, so you’ve hit the mole on the head, but rest assured sometime later the next one will appear and it’s an ongoing process. So it really is a housekeeping activity to keep on top of things.
Control what and who can access your systems
You have some control on how much company data your staff can access, usually through an account-based process. Quite often it’s a case of requesting the IT team or management to approve who can have access to systems and, importantly, what access they can have. It’s controlling the fact that it’s not a free-for-all. It’s not having fifty people in your company and all fifty people having access to every single thing in that organisation because, invariably, they won’t need it. The principle that often gets quoted here is the principle of least privilege. So you are given just the minimum access that your job requires for you to perform your role. If you need any greater access than that, you must go through a formal process to apply for that access. It should be considered, and, if appropriate, approval given and documented so there’s a track on what’s happening there.
Monitor all of your IT systems
Know what’s going on. There are various levels of effort you can go to for this, but have something in place where you’re seeing what’s going on in your system. Things such as file integrity monitoring (FIM), which will tell you if any significant files have been changed. It will create a log file to show, for example, at 03:00 there was some strange activity and as a result of that strange activity, six sensitive files have been altered. That activity will be produced in a log and flagged as an alarm. Straight away this can give an indication that something untoward and unauthorised is happening or has happened. You can focus in on that and see what’s going on.
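As an added illustration of the file integrity monitoring behaviour described above (example code written for this editing pass, not an IntaForensics product): it baselines SHA-256 hashes of a directory tree, rescans, and emits the kind of log and alarm lines the tip describes when sensitive files change. The directory contents, the "sensitive" path list and the 03:00 timestamp are all constructed for the demonstration.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def file_digest(path, chunk=65536):
    """SHA-256 of one file, read in chunks so large files are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map '/'-separated relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p) for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """Diff two scans: files whose hash changed, that appeared, or that disappeared."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def log_entries(changes, sensitive, when):
    """Render a scan result as log lines; any change to a sensitive path also raises an ALARM line."""
    stamp = when.strftime("%Y-%m-%d %H:%M")
    lines = [f"{stamp} INFO {kind.upper()} {p}" for kind in ("modified", "added", "removed") for p in changes[kind]]
    hit = sorted({p for paths in changes.values() for p in paths if p in sensitive})
    if hit:
        lines.append(f"{stamp} ALARM {len(hit)} sensitive file(s) altered: {', '.join(hit)}")
    return lines

def demo():
    """Constructed scenario: baseline a temporary tree, tamper with it, rescan, report as if at 03:00."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc/passwd").write_bytes(b"root:x:0:0\n")
        (root / "etc/hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "readme.txt").write_bytes(b"hello\n")
        baseline = build_baseline(root)
        (root / "etc/passwd").write_bytes(b"root:x:0:0\n# tampered\n")  # unauthorised edit
        (root / "etc/shadow").write_bytes(b"")                          # new file dropped
        (root / "readme.txt").unlink()                                  # file removed
        changes = compare(baseline, build_baseline(root))
    return log_entries(changes, {"etc/passwd", "etc/shadow"}, datetime(2024, 1, 1, 3, 0, tzinfo=timezone.utc))
```

Running `demo()` yields three INFO lines (one per modified, added and removed file) followed by a single ALARM line naming the two sensitive paths that changed.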
One of the many services we’re able to offer, which is particularly useful for the technologically non-savvy, is a type of scanning/monitoring. It is targeted and entirely bespoke for the customer. From a low-level we can do what we’d class as a basic health check – we would come and look at your systems, see what’s in place, and arguably more importantly, what’s not in place and produce a gap analysis, advising what the greatest risks are at this time. Because the threats are ever-evolving, we can give an indication of where your highest risks are, and what we or you can implement to minimise those risks.
There are varying levels of service we can provide, for example we can also provide a service using a product called a SIEM (Security Information Event Management) solution. You can think of SIEM as analogous to a traditional burglar alarm system. It will monitor the network, it will monitor end points, it will monitor devices and it will flag an alarm if something untoward is happening. It provides warnings for immediate response and is the most effective level of security, because if you’re being attacked or somebody is trying to attack you this system will notify our experts that something is going on and we can act accordingly.
Manage and control the use of all mobile devices (especially BYOD)
Bring your own device has been around for a few years now, but has arguably become more prevalent in the past 12-18 months due to the increase in homeworking where employees are using their own personal devices to access company information and resources. It may be your own laptop, iPad, tablet or mobile device. Called BYOD (bring your own device) or BYOD (bring your own disaster…), whichever way you want to look at it! They are a necessity to keep businesses going, it’s a case of managing the infrastructure. In addition to this, you’ll need to make sure that you have robust training and education programmes in place, to properly educate your staff.
Create and implement a robust Incident Management Plan
If things ever go wrong, you will need an Incident Management Plan. Situations change and things go wrong very quickly, and in the case of something like a ransomware attack, one click on a file and within seconds your desktop screen is starting to freeze. A warning sign may appear and you’ll receive a notice saying you’ve been attacked – you then can’t access your files, you can’t access Google to try and find anything … you need to know what to do and you need something in place. Yes, it’s a document, but it’s so important for businesses to have that documented number of steps in place that if things go wrong, you know what you need to do and that will solve so much heartache in the early hours of an incident.
Back up your data
If you’ve got a business and you suddenly lose access to everything, your business could literally be disappearing before your very eyes if you don’t have a back-up process in place that can get you running again as soon as possible. Not a difficult concept, but it’s one that a lot of companies don’t actually think about until it’s too late. However, it’s essential to have a place where your key data (that is, data you need to function as a business) is backed up on a regular basis. You will need to have access to it so that in the event of an emergency, it can be restored and you can be back up and running again quite quickly. Ideally at least one copy of your back-up data is securely stored off site to give yourself an added degree of resilience.
Look further afield and consider your supply chain security
There’s no point whatsoever in doing everything you can to be the securest company in the world, but allow somebody to come in and access your system from another company that doesn’t have the same level of security. Some of the biggest global payment card breaches in the last ten years have been caused through third-party access, so it’s definitely an important security consideration.
IntaForensics provides a comprehensive range of cyber security services designed to prevent, monitor and respond to security breaches.
We boast a team of 50 cyber security and digital forensics experts and a growing market presence. Our consultants will be able to assist with all Digital Forensic Investigations, PCI/DSS QSA, PCI/DSS PFI, Cyber Security and Incident Response.
Quality underpins everything we do, and we’re proud to be UKAS 17025:2017 accredited and ISO/IEC 27001:2015, ISO 9001:2015 and ISO 14001:2015 certified.