How to Bounce Back from a Cyber-Attack

Posted: 03/07/2022 - 09:00
Get best practices for how to prevent and recover from a cyber-attack, and how to train executives and employees to protect company data.

A few lines of code can take down an entire enterprise and cyber-attacks are growing in sophistication, says Salvador Padilla, Director of Information Security at DATAMARK and a former Information Systems Security Officer with the United States Navy. He shares his best practices for how to prevent and recover from a cyber-attack, and how to train executives and employees to protect company data. 

A Changing Threat Landscape

2021 set infamous records in terms of cyber-attack costs, as the damage of cyber-crime exceeded $6 trillion, according to Cyber Security Ventures. This is a 50% increase from just six years ago and has become a grave issue for every cybersecurity team. With a cyber-attack occurring every 11 seconds (compared to every 40 seconds in 2016), the number of threats SOC teams will have to face has increased four-fold.

Furthermore, ransomware attacks accounted for nearly $20 billion in damage in 2021, a whopping 57 times more than the cost of ransomware attacks in 2015 ($325 million).

Most cyber-attacks are financially motivated, and ransomware continues to be a major threat. However, ransomware isn’t the only type of attack companies are worried about since data corruption can stem from different attacks, including insiders and wiper-ware.

It’s only a matter of time before your organization is targeted as well, so it’s imperative to be prepared.

User Awareness

Due to many attacks being caused by users allowing hackers to gain access, it’s important to educate them on the risks and how to spot an attempt.

Employees can unknowingly fall prey to a phishing attack with just one click, and this is the single most used method to gain access to a contact center. That one tiny click can shake your business’ foundation to the core. After all, the average cost of a single data breach in the U.S. in 2019 was $3.92 million. Furthermore, phishing attacks were accountable for 32% of those breaches, according to a report by Verizon.

It’s up to your company to educate your employees on how to identify malicious emails by implementing the following:

1. Conduct a Company-Wide Cybersecurity Training

Security-savvy employees are your primary defense against phishing attacks. Creating a mandatory company-wide security training goes a long way in protecting your company’s data. Implement this training into your onboarding procedure with regularly scheduled refresher courses to follow.

Keep in mind that security education doesn’t have to be boring or formal. Your program will be more effective if you find ways to engage your employees. If they perceive the exercise as a mandatory session that they need to “get through,” your lessons will fall on deaf ears.

Training should cover best practices, but you shouldn’t stop there. Ensure that your employees know what to do if they notice something suspicious and the steps to take to alert management of the issue.

2. Teach Employees How to Identify a Phishing Email (and Quiz Them)

The most critical element of protecting employees from phishing attacks is to teach them how to identify phishing emails quickly. Because hackers use real company logos and add small details to make their emails seem legitimate, red flags can be difficult to spot if you don’t know what you’re looking for.

Add a quiz into your training to test your employees’ skills. Show example emails and ask them to identify if the email is authentic. This quiz is a great opportunity to add an engaging element to your security education. For example, make a game of it and recognize employees who answer correctly or participate with the most enthusiasm.

3. Show Real-Life Examples of Data Breaches Caused by Phishing

To help employees understand what you’re up against, show real examples of companies that have suffered a data breach as a result of a phishing email. Your employees will learn the most powerful lessons through raw data: dollars lost, people affected, damage to the company and other tangible facts.

It isn’t that your employees don’t care about the company’s security; however, without seeing what could actually happen, they may feel as though this training is more of a formality than a necessity.

4. Use Trusted Antivirus Software and Ensure It’s Routinely Updated

Mistakes happen. Even with excellent security training, an employee could accidentally fall for a phishing email. If that happens, you’ll want a robust antivirus software installed on your devices.

Remember that antivirus isn’t a set-it-and-forget-it solution. Always ensure that your software is updated and running at its best. Your IT department or service provider should keep an eye on your antivirus for all your company’s devices; however, consider that if some employees use their personal devices, your IT team will need to ensure those devices are protected as well.

5. Make Sure Executives are Involved in Your Security Initiative

A gap in many security programs often occurs with higher-level management. Though those are the teams that arrange for security training to take place, they are also often left out of the training. It’s assumed that they don’t need it or that they have more pressing issues to focus on.

Executives without security training are extreme liabilities to any company. Because they have the highest level of access to confidential data, hackers will target higher-level employees specifically, which is known as a whaling attack. Everyone in the company – from the very top to the very bottom – should be included in security training.

As phishing attacks become increasingly more sophisticated, it’s vital that your employees know what they’re up against. Through understanding the possible effects of a breach, employees will feel ownership over protecting the company’s data from being exploited.

Methods to Prevent Future Attacks

Ensure Endpoint Protection

Endpoint protection protects networks that are remotely bridged to devices. Mobile devices, tablets and laptops connected to corporate networks give access paths to security threats. These paths need to be protected with specific endpoint protection software.

Install a Firewall

There are so many different types of sophisticated data breaches, and new ones surface every day and even make comebacks. Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber-attack. A firewall system will block any brute force attacks made on your network and/or systems before it can do any damage.

Backup Your Data

In the event of a disaster (often a cyber-attack), you must have your data backed up to avoid serious downtime, loss of data, and serious financial loss.

Wi-Fi Security

Who doesn’t have a Wi-Fi-enabled device in 2022? And that’s exactly the danger; any device can get infected by connecting to a network; if this infected device then connects to your business network, your entire system is at serious risk.

Securing your Wi-Fi networks is one of the easiest things you can do to secure your systems.

Employee Logins

Every employee needs their own login for every application and program. Several users connecting under the same credentials can put your business at severe risk. Having separate logins for each staff member will help you reduce the number of attack fronts and offer improved usability.

Access Management

One of the risks an organization faces is employees installing software on business-owned devices that could compromise your systems. Managed admin rights that block your staff from installing or even accessing certain data on your network are essential to your security.

Remote Workers

Many business leaders believe that the risk of a data breach is higher when employees work remotely, but the basics still apply. The recent lockdowns forced many to work from home, catching many companies by surprise and creating a feeding frenzy for hackers to exploit vulnerabilities.  

Employees aren’t always able to recognize scams. Phishing scams, spoofing attacks, fake alerts, and the like can be so deceptive that even the biggest names fall for them. COVID-19 has only added fuel to this fire: On average, during the first half of 2020, four out of 10 Coronavirus-themed emails were tagged as spam, with fraudsters impersonating government, health, and financial institutions.

To prevent your remote employees from unwittingly falling into a cybersecurity trap, it’s imperative to implement the following:

1.    Establish and enforce a data security policy

2.    Equip your employees with the right tools and technology

3.    Frequently update your network security systems

4.    Regulate the use of personal devices

5.    Institute a “Zero Trust” approach

6.    Make sure all internet connections are secure

7.    Don’t overload your VPN

8.    Utilize multi-factor authentication

9.    Monitor employees’ remote work practices

10. Train your employees well and supply them with robust IT support

The Cybersecurity Roadmap

The recent rise in ransomware attacks and business-halting data breaches has made it clear that your organization must prioritize cybersecurity performance. But ad hoc security controls and defensive measures are not the answer. Instead, you need a strategic, risk-based approach with a cybersecurity road map as your guide. 

One of the reasons why threat actors are so successful is that they can exploit risk hidden in complex and expanding digital ecosystems. Because of this, the first step to creating a cybersecurity roadmap is to identify risk throughout your organization’s digital portfolio. One way to do this is to continuously scan your organization’s attack surface to gain a complete view of the vulnerable points. You can run a scan at any time to quickly visualize the location of your digital assets – including cloud instances and shadow IT – and the corresponding cyber risk associated with each. 

Next, you need to understand what security performance targets you should aim for and where you fall short. A helpful approach is to benchmark your security program against other organizations of similar size in your industry. This will allow you to make more informed decisions about where to focus your cybersecurity efforts.

You can also share your benchmark assessment with executives and board members so they understand how your program aligns with industry standards. From here, they can develop improvement plans and allocate resources where they’ll have the greatest impact.

Third parties are an essential part of your business ecosystem, but they also introduce cyber risks of their own. Supply chain attacks are becoming increasingly common, and mitigating these risks must be factored into your cybersecurity roadmap.

As discussed above, even if you resolve every vulnerability and secure every asset in your digital ecosystem, if a single employee clicks on a link in a phishing email or connects to the corporate network from a public Wi-Fi connection, your organization is at risk.

To mitigate this risk, plan for frequent cybersecurity awareness training sessions. Set a regular cadence that is right for your employees. Start with a four- to six-month timeframe, then test your employees to gauge their recall and modify the training schedule accordingly. Topics to focus on include proper password management, Wi-Fi safety, the importance of patching, etc.

With these valuable insights, you can better align your security program with business goals, prioritize security investments, measure success and continually improve.


About The Author

Salvador Padilla's picture

Salvador (Sal) Padilla has served as DATAMARK Director of Information Security since September 2021 and is responsible for the Information Security Management function of the organization, including the development, documentation, implementation, operation, and maintenance of the information security program.

He leads ongoing activities to preserve the availability, integrity, compliance, and confidentiality of the organization’s information resources and assets in compliance with applicable security policies and standards.

Before joining DATAMARK, Salvador functioned as an Information Systems Security Manager for the United States Navy. He developed, maintained, and oversaw the system security program and policies for crucial Department of Defense accredited systems. He ensured compliance with cyber security policies, concepts, and measures when designing, procuring, adopting, and developing new systems. He also maintained a working knowledge of systems functions, security policies, technical safeguards, and operational security measures.

His previous experience while he was in the United States Navy also included functioning as an Information Systems Security Officer, where he managed and executed all aspects of the Information System accreditation process in compliance with program specific guidelines and standards for multiple Classified and Unclassified Networking Systems. He also supervised and conducted regular audits to ensure that systems were being operated securely, and information systems security policies and procedures were being implemented as defined in security plans.

Salvador holds a Bachelor of Science in Business Management, as well as a Master of Science in Information Technology Management. Salvador also is an ISACA Certified Information Security Manager, Certified CompTIA Advanced Security Practitioner, and is a Certified Project Management Professional (PMP) from Project Management Institute.