Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.

Ryan Weeks, Chief Information Security Officer at Datto

February 18, 2020

6 Min Read

Every year, millions of people make New Year's resolutions to "get healthy." Sadly, studies show that less than 25% of them actually stay committed to their resolutions past the end of January, and only 8% completely see them through. The reason is that crash diets and costly gym memberships are merely tactics, not long-term strategies. (It's February. How are you doing with your resolutions?) The same is true for cyber fitness. Resolving to be more secure is worlds apart from actually making it happen.

Corporate spending on enterprise security increases every year in an attempt to prevent the next big breach, yet 2019 was record-breaking for breaches. This year, businesses of all sizes must avoid the crash-diet approach and make cybersecurity their top priority, moving away from the temptation of addressing individual problems with Band-Aids, and instead, move toward attaining long-term cyber fitness.

A Short and Effective Cyber Fitness Program
Traditional cybersecurity solutions, such as antivirus and email and spam filters, are no match for motivated cyber attackers. Reducing the risk of a successful cyberattack requires a multilayered approach that includes antivirus solutions plus the implementation of a total data protection strategy in order to maintain system health and improve online security.

● Exercise 1: Employee Education
Employees are the first line of defense against cyberattacks. Today, companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox. In 2019, phishing emails were the leading cause of successful attacks along with lack of cybersecurity training, weak passwords, and poor user practices.

● Exercise 2: A Multilayered Approach
In addition to education, endpoint security technology, perimeter protection, and patch management are essential to build and maintain cyber fitness. If an employee does fall victim to a phishing scam, anti-malware protections are necessary to prevent a widespread infection. Antivirus is critical but not bulletproof, as new strains of ransomware are being created faster than ever. This is why a good endpoint security strategy may layer traditional antivirus with advanced endpoint security technology that looks for odd behaviors and not just that which is known to be bad. It is imperative that organizations understand where vulnerabilities lie within their networks and develop a total data protection plan.

● Exercise 3: Total Data Protection
As employees become educated and antimalware solutions are implemented, organizations need to do their part by implementing the most up-to-date situational awareness and vulnerability intelligence to identify and patch potential vulnerabilities through consistent monitoring. Two-factor authentication (2FA) across all technology solutions is one of the most effective controls to reduce the likelihood of a successful attack. Again, strong endpoint security can help prevent and quarantine ransomware before the malware can fully execute.

● Exercise 4: A Continuity Strategy
Organizations should invest in and activate a business continuity and disaster recovery (BCDR) solution if an attacker gets through. Businesses should focus on how to restore and maintain operations in the midst of a ransomware attack. A solid, fast, and reliable BCDR solution is a critical part of a successful cyber-fitness program.

Four Steps to Cyberattack Recovery
Setbacks are bound to happen, regardless of how well prepared an organization is. It's important that organizations understand what to do should they occur and note that an organization's proactive prevention strategy plays a big role in how well and how quickly it can recover from an attack.

Step 1: Inform the IT Team and/or Managed Service Provider (MSP)
If someone identifies an intrusion, it is time to enlist the experts. Downtime costs are up 200% year-over-year, and the cost of downtime is 23 times greater than the average ransom. When the stakes are that high, it is important to leave resolving the situation to the individuals responsible for keeping the business, its data, and its customers safe.

Step 2: Isolate and Identify the Infection
Once experts are notified of the incident, their first step should be to isolate the infection to prevent further spreading. To do this, they will need to remove the infected computer from the network, or at a minimum restrict access to all ports except those that are essential to recovery and cleanup of the threat. It is also important to identify the strain of malware the organization is dealing with to best understand the severity of the issue at hand and how to best recover fully.

Step 3: Determine the Source of the Infection
After the infection has been isolated, it is important that the source of the infection be identified. Was the ransomware implanted through email, external ports, stolen credentials, web browsing, etc.? Determining the root source of the infection better enables the security team to completely strip the malware from the system and ensure that the vulnerability is addressed, preventing the same situation from happening again.

Step 4: Lay All the Options on the Table
The findings of the previous steps will help inform the organization of its options and determine what the next move is. Should it rely on cyber insurance to mitigate the issue? Can it afford to pay (or not pay) the ransom to get the business back up and running in a timely manner? Or, did the organization take all the necessary proactive measures and implement a BCDR solution that it can rely on? In 2019, 92% of MSPs surveyed found that their clients with BCDR solutions in place were less likely to experience significant downtime during a ransomware attack and four out of five reported that victimized clients with BCDR in place recovered from the attack in 24 hours or less.

Businesses need to take ransomware very seriously and prioritize a proactive strategy to fight off attackers. As stated earlier, setbacks are bound to happen, but they don't need to be crippling. As long as an organization is committed to a strong cyber-fitness program, it can ensure a solid baseline that positions itself well for eluding attackers and recovering more quickly should the worst occur.

Related Content:


Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "8 Things Users Do That Make Security Pros Miserable."

About the Author(s)

Ryan Weeks

Chief Information Security Officer at Datto

As Chief Information Security Officer (CISO), Ryan Weeks is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems, and sensitive customer financial data at FactSet Research Systems, where he orchestrated all facets of the global information security program. Ryan holds a B.S. in Computer Information Systems from Ithaca College, a M.S. in Information Assurance from Northeastern University, and has industry security certifications including the Certified Information Systems Security Professional (CISSP) and the Certified Information Security Manager (CISM).

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights