Cyber Security Essentials: Lessons Learned from Cyber Attack Survivors
Cyber attacks present a clear and present danger to businesses and individuals globally. Take these essential cyber security steps to protect your business
Written by Joe Cannata
Posted on January 1, 2020
Cyber Security Practices to Mitigate the Risk of Data Breaches
According to the 2019 Ponemon Cost of a Data Breach Report, the average annual cost of data breaches in the US is $8.19M. The meteoric progress of technological advancements, virtual data and the internet of things has resulted in a corresponding spike in the incidence of cyber security breaches, hacks and attacks in the form of viruses, worms or other malicious software deployments. By 2021, the Herjavec Group projects $6 Trillion in annual costs worldwide as businesses and society continue on a trend towards increased technology and virtual data reliance.
The fallout from these incidents can be staggering in magnitude, particularly when the victims are corporations with large customer bases – as was the case with the following:
2013: Target – 40 Million credit and debit card numbers hacked from POS system, along with 70 Million records of personal customer information
2014: Yahoo – 3 Billion user passwords and usernames exposed; security questions and answers also compromised
2014: eBay – 233 Million customer passwords and log-in credentials exposed
2014: Home Depot – 56 Million customer credit and debit card numbers, along with e-mail addresses
2014: JP Morgan Chase – 76 Million household and 7 Million business accounts compromised, including stolen contact information
2017: Equifax – 145 Million customers impacted with theft of personal information and credit card information
2018: Marriott – 500 Million customer records stolen, including personal and travel information
2019: Citrix – Significant amounts of business information / documents potentially exposed
Despite the present and continuing threat posed by cyber attackers, businesses need not be defenseless. Proactive defensive and preventive measures can be taken to mitigate the risk. Below is a list of lessons learned from survivors of the more notorious data breaches in recent years:
Emphasize the importance of IT security from the Board of Directors down through the entire organization
Recognize the threat of malware. Educate employees and continually provide refresher courses on the reality of dangers posed by clicking on e-mail attachments/embedded links from unknown senders or sources
Install proactive security defenses – i.e. tools which monitor systems for evidence of attack/hack attempts
Implement password rules to bolster password strength
Clear and change passwords / logins on a regular basis
Ensure firewalls and anti-virus programs are up to date
Invest in high caliber IT Network Security Staff or Consultants
Employ strong internal cyber security controls and measures – e.g. limiting access to sensitive information and installing multiple levels of authentication for employees with access to sensitive data
Encrypt sensitive data
Regularly monitor user accounts to ensure validity
Revoke access for terminated employees and vendors immediately
Ensure third party partners / vendors have strong cyber security protocols in place
Continually review and update existing IT security processes and procedures
Invest in new technology / tools as needed to support revamped security protocols
Perform full back-ups of critical data at least on a monthly basis. Information should be encrypted and stored at a secure, off-site location
Schedule recurring, incremental back-ups on a weekly basis
Invest in a Cyber Security Insurance partner
Draw up a robust crisis and incident management plan