How to make a business ‘invisible’ to hackers
Every organisation needs to know how to stop a cyber-security breach AND the damage it causes, and how to do so within available budgets.
Organisations of all sizes need to have the 'right' security to ensure that hackers bypass their business and attack another victim. This process is often referred to as making a business 'invisible' to hackers.
In the rush to enable work-from-home as quickly as possible, many users connected to the internet via unsecured home WiFi. This has created a unique opportunity for hackers and attackers to breach and infect their machines.
The situation is potentially even worse, as these infected machines are then taken back to the office and plugged directly into the corporate network from behind the firewall, giving hackers direct access into the entire network.
Every week we hear that another multi-national has been breached, its data stolen, a ransomware attack launched, and its customers extorted. This makes headlines because of the size and severity of the breach, but these are not the majority of attacks.
Small to medium businesses are at the greatest risk of cyber-attacks, as typically they have only basic AV (Anti-Virus) or NGAV (Next Gen Anti-Virus) and perhaps EDR (Endpoint Detection and Response) products installed – making them 'easy' targets for hackers and malware.
A small business is often not the victim of a targeted attack. Instead, hackers use a 'spray and pray' methodology, looking to infect as many (small) businesses as possible – it is quite simply a volume game.
The more businesses they infect, the greater their chances of making money. In recent times, ransomware demands start at $US50,000 to $US100,000, even for micro-businesses with just a handful of computers.
Hackers look at the economics – it is harder to breach, steal data from, and launch a ransomware attack (typically worth $2 to $10 million) against an organisation spending hundreds of thousands or even millions of dollars on cyber-security. A large enterprise may even have a SOC (Security Operations Centre) with a dedicated team of security experts watching for signs of intrusion 24/7.
On the other hand, it is relatively straightforward for a hacker to infect 10, 50 or 250 small businesses with just basic AV and charge them $50,000+ each. In fact, every 10 seconds another victim is infected with ransomware, as reported by Infosecurity Magazine. That raises the question: just how effective is your cyber-security product in protecting you?
The reality is that it is mathematically impossible to be 100% breach-proof, regardless of how much is invested in cyber-security. There are quite simply too many attack vectors, and when combined with the ever-increasing capabilities of attackers, it becomes problematic.
Even the inexperienced attacker can now 'hire' a SaaS model for ransomware on the Dark Web. It is called Ransomware-as-a-Service, and it starts from just $100 per month, making it daunting for customers and MSPs alike.
The primary issue is that hackers can evade detection by traditional AV and NGAV products, essentially opening the doors and windows for a hacker to discover what the business has, steal its data, and launch a ransomware attack.
All is not lost; we simply need to go back to basics, understand the new issues, and put in place affordable solutions to minimise those issues. The objective for a small to medium business is to become as 'invisible' as possible to a hacker.
This involves moving from 'old school' detection-based cyber-security products to prevention-based solutions designed to stop the damage caused.
The following example is focused on small to medium businesses with limited budgets and minimal specialist security skills. The same solutions can, of course, be deployed in medium to large organisations, combined with additional layers of defence, as the attacks those organisations face are more focused and targeted.
The three pillars of a prevention-based cyber-security solution to help make a business 'invisible' are:
- Know what you have and which devices/applications have vulnerabilities that a hacker can exploit. Objective: Close the doors and windows to make it harder for a hacker to see and exploit the business. Run continuous, always-on vulnerability scans across your internal and external network.
- Understand which data is regulated, private and sensitive and what it is worth, and track how it moves and where it flows inbound and outbound, with optional encryption of the data once it is no longer actively required by the business. Objective: Once breached, the vast majority (often exceeding 96%) of the data that a hacker steals has been encrypted and has zero value to the hacker.
- Deploy prevention-based security that stops ALL unknown malicious files from writing to the disk, replacing 'old school' detection-based AV and NGAV products. Objective: Stop the breach before the infection occurs without impacting productivity.
Now, a business may not be totally invisible, but a hacker will find it exponentially harder to breach it, and the objective is for them to move on to the next victim. As a guide, each basic layer should cost less than $5 per endpoint per month, with options available if more advanced protection is required.