Cybercrime is rampant. Each day, thousands of new strains of malware are written, causing businesses around the globe to lose millions of rands.
By Simon Campbell-Young, CEO of Phoenix Distribution
Cybercrime is considered one of the most dangerous threats for all organisations, and even countries, as it can have a catastrophic impact on every aspect of a country’s growth.
Government entities, non-profits, private businesses and individuals are all potential targets of the cyber-criminal syndicates lurking on the dark Web.
Preventing cybercrime totally is impossible, but there are steps organisations can take to secure their valuable assets. A solid security posture is the best defence against attackers.
Every single technology user within the company must be aware of the risks of exposure to cyber threats, and should be taught about which best practices to take on board in order to lessen their potential attack surface and mitigate the possible risks.
Education and training are crucial elements of any security policy, and will help to nurture a culture of security that should be fundamental to every business. Every member of staff needs to be involved in the formation, definition and execution of the security policy and must be educated on the tactics, techniques and procedures employed by attackers to achieve their evil ends.
Prevention also means securing business resources such as endpoints and infrastructure. Every technology asset and piece of hardware or software that comes into contact with the corporate network must be continually scrutinised to assess its level of security and identify any possible anomalous behaviour.
Like most crimes, cyber-crimes can be characterised by specific patterns, which are identified through implementing threat intelligence analysis. This can help with the adoption of a successful prevention strategy. Remember, security needs to be handled on multiple layers, including intrusion prevention, identity management, endpoint protection, SIEM and analysis.
Moreover, sharing data and information about threats among vendors, as well as private and public sector organisations, is also crucial to the prevention of cyber fraud. The fundamental principles in fighting cyber-crime are prevention, the exchange of information, and investigation and forensics.
Working together and adopting these principles is the first step towards creating a safe, transparent and secure Internet. Law enforcement cannot handle this gargantuan task on its own. A concerted effort on the part of all stakeholders is a must.
Over and above prevention, it is vital to have an effective incident response and recovery plan in place to lessen any possible damage in the event of a security incident.
Should a breach occur, it is of paramount importance to restore business operations immediately. This can mean the difference between remaining in business and a company closing its doors.
Recovering from a security incident is made up of the activities associated with repairing and remediating any systems and processes that have been damaged or impacted.
An effective incident response procedure includes several steps. Firstly, the identification of the type of malware that breached the network, followed by the containment of the threat to limit any lateral movement on the company network.
Next, restoring any IT infrastructure once forensic investigations are complete, to ensure the business remains up and running.
Finally, reporting and sharing the threat information with stakeholders, security vendors and law enforcement, so that other businesses may learn from the incident.
I know that it is not possible to stop every single attack before it happens. However, having a layered approach to security and sharing threat information can only help to prevent future attacks.