Amid the strain on businesses during the COVID-19 pandemic, global cyber-attacks are on the rise. Making internal business changes holds the key to survival; businesses need to review security protocols now.
Over the last few months, we have seen a huge increase in the number of cyber-attacks. Twitter. Garmin. Reddit. YouTube. The many healthcare systems. The recent npm packages. There are more, but those security issues made the biggest headlines. On top of cyber-attacks, we’ve seen multiple cloud services problems: Microsoft had a configuration issue impacting several areas of business, and Bank of America had a typo in its code resulting in customers seeing a $0 balance online. If businesses want to avoid extra labor costs and everything else that comes with a service disruption, as well as do more to prevent a breach, something has to change. Businesses need to review security protocols as soon as possible.
We’ve talked before about how the culture around InfoSec needs to change. InfoSec professionals are burning out for a variety of reasons. Cybersecurity budgets are improperly drawn because executives often don’t consider certain costs. Hackers continuously change their tactics. Incident response teams are on high alert.
As humans, our emotions and current stress levels are heightened right now. Adults are working from home, kids are being educated from home, some families are under isolation due to health concerns, and going anywhere causes anxiety levels to rise as we try to keep our distance and wear masks. We thrive on social interaction; it’s a fundamental part of how humans survive. In lieu of being and interacting with other people in person, we are doing everything virtually. Virtual happy hour. Virtual game night. Virtual movie and concert experiences. All of this internet-based activity means that bad actors have more surface area to exploit.
On top of that, some people lost their jobs or were furloughed or saw their business get shut down. As those people struggle, they are sometimes even more susceptible to bad actors because they are more likely to fight skeptical feelings in the pursuit of opportunity.
In light of all of this, it is imperative, crucial, vital, necessary to ensure that your business has proper protections in place. It’s time to review your security practices, your storage methods, your incident response plan, your budget. Budgets for 2020 have already been blown in some places because business is vastly less than anticipated. But if you have to throw money at a certain part of your business, make it security. It is your foundational obligation, as a business owner, to ensure the safety and security of your customers’, clients’, business partners’ and employees’ sensitive information. If there is a breach of any kind, it falls on the business. That will lead to extra costs like fixing the weak spot, mitigation of the breach, loss of business due to lack of trust, legal fees and reparations.
Look again at the Capital One incident where they were fined $80 million for leaving a known vulnerability unpatched. That doesn’t account for the legal fees, reparations, mitigation, fixing the problem or loss of business due to lack of trust. In all, Capital One paid out far more than that. As a giant financial institution, they have the assets to cover those costs. But the majority of businesses out there do not.
So, here are some key things to review right now:
- IAM controls (ensure least privilege is used everywhere)
- Incident Response plan, including which employees are on the team
- Firewall and other cybersecurity settings
- Email filters
- Systems and processes (look for fragility and modernization opportunities)
- Cloud services settings and costs
- Cloud migration if not using the cloud
- Open-sourced code
- VPN settings (every remote employee should be logging in through a VPN using 2FA)
- What alerts are set and who gets notified
Remember, your business is on the hook if something goes awry. Bad actors are on the hunt, looking for easy prey to exploit. Don’t be easy prey; make it hard for attackers to get through. They’d rather move on and remain undetected than bludgeon a hole through a wall and raise alarms. Be safe and ensure the safety of your data and information. And if you’re not sure how to do even one of those things, hire an expert! That cost will be far less than the cost of a breach. At the end of the day, you want your business to run smoothly, efficiently, securely, and, most importantly, you want it to stay open. Take the steps to make it happen.